CVE-2016-4319 Atlassian JIRA Server auditing/settings Cross Site Request Forgery Vulnerability

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

Atlassian JIRA Server is prone to a cross-site request forgery (CSRF) vulnerability in auditing/settings because it fails to properly validate HTTP requests.

Affected Software:
Atlassian JIRA Server versions prior to 7.1.9

QID Detection Logic:
This unauthenticated QID identifies vulnerable JIRA installations by visiting the secure/Dashboard.jspa webpage.
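The following is an added example of the version-based check described above; it is not Qualys' detection code. It assumes that the HTML returned by secure/Dashboard.jspa carries the JIRA version in a `<meta name="ajs-version-number" ...>` tag (an assumption about the page markup), extracts that value, and compares it numerically against the fixed version 7.1.9. The sample pages below are constructed for the example.

```python
import re

# Version in which Atlassian fixed CVE-2016-4319, per the advisory above.
FIXED_VERSION = (7, 1, 9)

# Assumption: the dashboard page exposes the JIRA version in this meta tag.
VERSION_META_RE = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([0-9]+(?:\.[0-9]+)*)"',
    re.IGNORECASE,
)


def extract_jira_version(html):
    """Return the version string advertised on the dashboard page, or None."""
    match = VERSION_META_RE.search(html)
    return match.group(1) if match else None


def parse_version(version):
    """Turn '7.1.8' into (7, 1, 8) so comparisons are numeric, not lexical.

    A lexical compare would wrongly rank '7.10.0' below '7.1.9'; numeric
    tuples avoid that. Missing components are padded with zeros.
    """
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (len(FIXED_VERSION) - len(parts))


def is_vulnerable(version):
    """True when the advertised version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


def assess_dashboard(html):
    """Return (version, vulnerable) for a dashboard page body.

    version is None (and vulnerable is None) when no version could be read,
    so an unknown result is never silently reported as 'not vulnerable'.
    """
    version = extract_jira_version(html)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


# Constructed sample pages for demonstration only.
SAMPLE_OLD = '<html><head><meta name="ajs-version-number" content="7.1.8"></head></html>'
SAMPLE_FIXED = '<html><head><meta name="ajs-version-number" content="7.1.9"></head></html>'
SAMPLE_NEWER = '<html><head><meta name="ajs-version-number" content="7.10.0"></head></html>'
SAMPLE_NO_VERSION = "<html><head><title>Login</title></head></html>"

if __name__ == "__main__":
    for label, page in [("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED),
                        ("newer", SAMPLE_NEWER), ("no-version", SAMPLE_NO_VERSION)]:
        print(label, assess_dashboard(page))
```

In practice the page body would come from an HTTP GET of secure/Dashboard.jspa; the version compare is the part worth getting right, since a string compare would misclassify 7.10.x releases.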


Successful exploitation allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.


Customers are advised to upgrade to Atlassian JIRA 7.1.9 or later to remediate this vulnerability.

Following are links for downloading patches to fix the vulnerabilities:

Atlassian JIRA 7.1.9
