CVE-2023-30607

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-30607
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30607.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-30607
Aliases
  • GHSA-gh7w-7f7j-gwp5
Published
2023-07-05T18:15:10Z
Modified
2024-05-30T04:04:46.484193Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

References

Affected packages

Git / github.com/icinga/icingaweb2-module-jira

Affected ranges

Type
GIT
Repo
https://github.com/icinga/icingaweb2-module-jira
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1