CVE-2023-30607

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-30607
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30607.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-30607
Related
  • GHSA-gh7w-7f7j-gwp5
Published
2023-07-05T18:15:10Z
Modified
2025-07-01T23:06:18.936296Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

References

Affected packages

Git / github.com/icinga/icingaweb2-module-jira

Affected ranges

Type
GIT
Repo
https://github.com/icinga/icingaweb2-module-jira
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1