CVE-2023-30607

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jul 11, 2023

CWE ID 352

Summary

CVE-2023-30607 affects the 'icingaweb2-module-jira' integration module for Atlassian Jira in Icinga Web 2. The vulnerability, which exists in versions 1.3.0 through 1.3.1, allows for cross-site request forgery (CSRF) attacks. When using template and field configuration forms, the deletion action is executed before user input is validated, including the CSRF token. As a result, an attacker can delete Jira configurations without the user's knowledge or consent. The issue is resolved in version 1.3.2, and there are currently no known workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r4qr0_
https://www.cve.org/CVERecord?id=CVE-2023-30607
https://nvd.nist.gov/vuln/detail/CVE-2023-30607

Back to Vulnerability Database

CVE-2023-30607

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations