{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T01:34:16.060","vulnerabilities":[{"cve":{"id":"CVE-2018-13401","sourceIdentifier":"security@atlassian.com","published":"2018-10-23T13:29:03.040","lastModified":"2024-11-21T03:47:01.970","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability."},{"lang":"es","value":"El recurso XsrfErrorAction en Atlassian Jira en versiones anteriores a la 7.6.9, desde la versión 7.7.0 anterior a la 7.7.5, desde la versión 7.8.0 anterior a la 7.8.5, desde la versión 7.9.0 anterior a la 7.9.3, desde la versión 7.10.0 anterior a la 7.10.3, desde la versión 7.11.0 anterior a la 7.11.3, desde la versión 7.12.0 anterior a la 7.12.3 y antes de la versión 7.13.1 permite que atacantes remotos obtengan el token Cross-Site Request Forgery (CSRF) de un usuario a través de una vulnerabilidad de redirección abierta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6.9","matchCriteriaId":"25E9DDE1-F33F-4F65-A521-807D4F09C0AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.7.5","matchCriteriaId":"300D871F-7128-41F1-BCC8-BE7C3687741B"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.0","versionEndExcluding":"7.8.5","matchCriteriaId":"A04E4050-271E-4D23-B988-E02D5A651386"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.9.0","versionEndExcluding":"7.9.3","matchCriteriaId":"2A3C3F9E-5BDD-48F3-B45F-9B9C6D31CAE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.0","versionEndExcluding":"7.10.3","matchCriteriaId":"C568973F-5079-49ED-928D-7F11C842CF4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.11.0","versionEndExcluding":"7.11.3","matchCriteriaId":"551A5667-1184-4E3D-9AA7-90C8D18590C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.12.0","versionEndExcluding":"7.12.3","matchCriteriaId":"078CC169-BA97-4F89-A9AE-05E21FC867CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.13.0","versionEndExcluding":"7.13.1","matchCriteriaId":"C0A81285-A452-4AFE-94BE-3B27014535A3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105751","source":"security@atlassian.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-68139","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105751","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-68139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}