The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72233 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Mar 2022, 13:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Atlassian jira Data Center
|
|
CPE | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |
25 Mar 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
05 Apr 2021, 19:33
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://jira.atlassian.com/browse/JRASERVER-72233 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 3.5 |
CPE | cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* |
|
CWE | CWE-352 |
01 Apr 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-01 03:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-26071
Mitre link : CVE-2021-26071
CVE.ORG link : CVE-2021-26071
JSON object : View
Products Affected
atlassian
- jira_data_center
- data_center
- jira
- jira_server
CWE
CWE-352
Cross-Site Request Forgery (CSRF)