CVE-2021-43953

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-73170 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

History

25 Apr 2022, 19:35

Type Values Removed Values Added
References (MISC) https://jira.atlassian.com/browse/JRASERVER-73170 - Vendor Advisory (MISC) https://jira.atlassian.com/browse/JRASERVER-73170 - Issue Tracking, Vendor Advisory

14 Mar 2022, 02:15

Type Values Removed Values Added
Summary Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0. Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.

23 Feb 2022, 02:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 4.3
References (MISC) https://jira.atlassian.com/browse/JRASERVER-73170 - (MISC) https://jira.atlassian.com/browse/JRASERVER-73170 - Vendor Advisory
CWE CWE-352
First Time Atlassian data Center
Atlassian jira
Atlassian
CPE cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*

15 Feb 2022, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-15 03:15

Updated : 2022-04-25 19:35


NVD link : CVE-2021-43953

Mitre link : CVE-2021-43953


JSON object : View

Products Affected

atlassian

  • data_center
  • jira
CWE
CWE-352

Cross-Site Request Forgery (CSRF)