Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72233

CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071

    XMLWordPrintable

Details

    • 3.5
    • Low
    • CVE-2021-26071

    Description

      The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.

       

      Affected versions:

      • version < 8.5.13
      • 8.6.0 ≤ version < 8.13.5
      • 8.14.0 ≤ version < 8.15.1

      Fixed versions:

      • 8.5.13
      • 8.13.5
      • 8.15.1  

      Attachments

        Activity

          People

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: