The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-72761 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Feb 2022, 20:18
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 4.3 |
27 Sep 2021, 16:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://jira.atlassian.com/browse/JRASERVER-72761 - Vendor Advisory |
24 Sep 2021, 12:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://jira.atlassian.com/browse/JRASERVER-72761 - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
| CWE | CWE-352 | |
| CPE | cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* |
14 Sep 2021, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-14 05:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-39124
Mitre link : CVE-2021-39124
CVE.ORG link : CVE-2021-39124
JSON object : View
Products Affected
atlassian
- jira
- data_center
CWE
CWE-352
Cross-Site Request Forgery (CSRF)