CVE-2023-30607 MEDIUM

CVE-2023-30607: icingaweb2-module-jira template and field configuration are susceptible to CSRF

Vendor Icinga

Product icingaweb2-module-jira

Weakness CWE-352 · CSRF

Published July 5, 2023

Last update October 24, 2024

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

Key dates

02Disclosure timeline

July 5, 2023 CVE published

October 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-30607 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-25971 WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-31921 WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2026-2723 Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update CVE-2024-54423 WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability CVE-2025-0865 WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update