Synopsis
The remote web server hosts a web application that is potentially affected by multiple cross-site request forgery vulnerabilities.

Description
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is 7.x greater than or equal to 7.6, 8.x prior to 8.5.4, or 8.6.x prior to 8.6.2. It is, therefore, affected by multiple vulnerabilities:
- An input-validation flaw exists related to the VerifySmtpServerConnection!add.jspa component that allows cross-site request forgery attacks.
- An input-validation flaw exists related to the VerifyPopServerConnection!add.jspa component that allows cross-site request forgery attacks.

Solution
Upgrade to Atlassian JIRA version 8.5.4, 8.6.2, or later.