The host is installed with Atlassian Jira Server version 7.4.0 before version 8.4.0 and is prone to a cross site request forgery. A flaw is present in the application which fails to properly handle the Webwork action. Successful exploitation could allow attackers to to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.