Vulnerabilities > CVE-2019-11589 - Open Redirect vulnerability in Atlassian Jira Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Nessus
NASL family CGI abuses NASL id JIRA_7_13_6.NASL description According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.3.16, 8.2.x prior to 8.2.3, or 8.3.x prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - An open rediect vulnerability exists in startup.jsp. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to redirect the user last seen 2020-06-01 modified 2020-06-02 plugin id 128282 published 2019-08-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128282 title Atlassian JIRA Open Redirect Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128282); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id("CVE-2019-11585", "CVE-2019-11589"); script_name(english:"Atlassian JIRA Open Redirect Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote web server hosts a web application that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.3.16, 8.2.x prior to 8.2.3, or 8.3.x prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - An open rediect vulnerability exists in startup.jsp. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to redirect the user's browser to an unexpected malicious page. (CVE-2019-11585) - An open redirect vulnerability exists in the ChangeSharedFilterOwner resource. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to redirect the user's browser and potentially steal their CSRF token. (CVE-2019-11589)"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69780"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69784"); script_set_attribute(attribute:"solution", value: "Upgrade to Atlassian JIRA version 7.13.6 / 8.2.3 / 8.3.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11589"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/28"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin"); script_require_keys("installed_sw/Atlassian JIRA"); exit(0); } include('vcf.inc'); app_info = vcf::combined_get_app_info(app:'Atlassian JIRA'); constraints = [ { 'fixed_version' : '7.13.6' }, { 'min_version' : '8.2.0', 'fixed_version' : '8.2.3' }, { 'min_version' : '8.3.0', 'fixed_version' : '8.3.2' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xsrf:true});NASL family CGI abuses NASL id JIRA_8_3_2_CVE-2019-11585.NASL description According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities: - An open redirect vulnerability exists in the startup.jsp resource. An unauthenticated, remote attacker can exploit this via the network to redirect users to a different website which they may use as part of performing a phishing attack. (CVE-2019-11585) - A Cross-site request forgery (XSRF) vulnerability exists in the AddResolution.jspa resource. An unauthenticated, remote attacker can exploit this via the network to create new resolutions. (CVE-2019-11586) - A Cross-site request forgery (XSRF) vulnerability exists in various exposed resources of the ViewLogging class. An unauthenticated, remote attacker can exploit this via the network to modify various settings. (CVE-2019-11587) - A Cross-site request forgery (XSRF) vulnerability exists in the doGarbageCollection method of the ViewSystemInfo class. An unauthenticated, remote attacker can exploit this via the network to trigger garbage collection. (CVE-2019-11588) - An open redirect vulnerability exists in the ChangeSharedFilterOwner resource. An unauthenticated, remote attacker can exploit this via the network to attack users, and in some cases be able to obtain a user last seen 2020-06-01 modified 2020-06-02 plugin id 129593 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129593 title Atlassian JIRA 7.13.x < 7.13.6 / 8.x < 8.2.3 / 8.3.x < 8.3.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(129593); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id( "CVE-2019-11585", "CVE-2019-11586", "CVE-2019-11587", "CVE-2019-11588", "CVE-2019-11589" ); script_name(english:"Atlassian JIRA 7.13.x < 7.13.6 / 8.x < 8.2.3 / 8.3.x < 8.3.2 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote web server hosts a web application that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities: - An open redirect vulnerability exists in the startup.jsp resource. An unauthenticated, remote attacker can exploit this via the network to redirect users to a different website which they may use as part of performing a phishing attack. (CVE-2019-11585) - A Cross-site request forgery (XSRF) vulnerability exists in the AddResolution.jspa resource. An unauthenticated, remote attacker can exploit this via the network to create new resolutions. (CVE-2019-11586) - A Cross-site request forgery (XSRF) vulnerability exists in various exposed resources of the ViewLogging class. An unauthenticated, remote attacker can exploit this via the network to modify various settings. (CVE-2019-11587) - A Cross-site request forgery (XSRF) vulnerability exists in the doGarbageCollection method of the ViewSystemInfo class. An unauthenticated, remote attacker can exploit this via the network to trigger garbage collection. (CVE-2019-11588) - An open redirect vulnerability exists in the ChangeSharedFilterOwner resource. An unauthenticated, remote attacker can exploit this via the network to attack users, and in some cases be able to obtain a user's Cross-site request forgery (XSRF) token. (CVE-2019-11589)"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69780"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69781"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69782"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69783"); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-69784"); script_set_attribute(attribute:"solution", value: "Upgrade to Atlassian JIRA version 7.13.6 / 8.2.3 / 8.3.2 / 8.4.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11585"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin"); script_require_keys("installed_sw/Atlassian JIRA"); exit(0); } include('vcf.inc'); app_info = vcf::combined_get_app_info(app:'Atlassian JIRA'); # Based on the JIRA advisories, the minimum version is set to 7.13.x constraints = [ { 'min_version' : '7.13.0', 'fixed_version' : '7.13.6' }, { 'min_version' : '8.0.0', 'fixed_version' : '8.2.3' }, { 'min_version' : '8.3.0', 'fixed_version' : '8.3.2' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xsrf:true});