icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.
References
Configurations
History
11 Jul 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:icinga:icinga_web_jira_integration:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/Icinga/icingaweb2-module-jira/security/advisories/GHSA-gh7w-7f7j-gwp5 - Vendor Advisory | |
References | (MISC) https://github.com/Icinga/icingaweb2-module-jira/releases/tag/v1.3.2 - Release Notes | |
References | (MISC) https://github.com/Icinga/icingaweb2-module-jira/commit/7f0c53b7a3e87be2f4c2e8840805d7b7c9762424 - Patch |
05 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-05 18:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-30607
Mitre link : CVE-2023-30607
CVE.ORG link : CVE-2023-30607
JSON object : View
Products Affected
icinga
- icinga_web_jira_integration
CWE
CWE-352
Cross-Site Request Forgery (CSRF)