CVE-2019-15002 Atlassian — Exploit & Vulnerability Details MEDIUM

CVE-2019-15002

MEDIUM CVSS 3.1: 4.3 EPSS 0.06%

Parameter	Value
CVSS	4.3 (MEDIUM)
Affected Versions	7.6.4 — 8.1.0
Type	CWE-352 (Cross-Site Request Forgery (CSRF))
Vendor	Atlassian
Public PoC	No

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)

Vulnerable Products 2

Configuration	From (including)	Up to (excluding)
Atlassian Jira_Data_Center cpe:2.3:a:atlassian:jira_data_center::::::::	`7.6.4`	`<= 8.1.0`
Atlassian Jira_Server cpe:2.3:a:atlassian:jira_server::::::::	`7.6.4`	`<= 8.1.0`

References 1

https://jira.atlassian.com/browse/JRASERVER-67979

security@atlassian.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-21570

Atlassian

8.6

CVE-2025-22166

Atlassian

7.5

CVE-2022-26138

Atlassian

9.8

Menu

CVE-2019-15002

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2026-21570

CVE-2025-22166

CVE-2022-26138

CVE Details

Editor's Choice

Menu

CVE-2019-15002

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2026-21570

CVE-2025-22166

CVE-2022-26138

CVE Details

Editor's Choice

Stay informed on cybersecurity