CVE-2023-30607 Vulnerability Details

  /     /     /  

CVE-2023-30607 Metadata Quick Info

CVE Published: 05/07/2023 | CVE Updated: 24/10/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: Icinga | Product: icingaweb2-module-jira
Status : PUBLISHED

---

CVE-2023-30607 Description

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

Metrics

CVSS Version: 3.1 | Base Score: 5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-352
CWE Name: CWE-352: Cross-Site Request Forgery (CSRF)
Source: Icinga

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).