[JRASERVER-72761] Replay attack via the CSRF failure retry form - CVE-2021-39124 - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.16.0
Affects Version/s: 8.15.0
Component/s: None
Labels:

CVSS Score:
4.3
CVSS Severity:
Medium
CVE ID:
CVE-2021-39124

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

*Affected versions:*

version < 8.16.0

*Fixed versions:*

8.16.0

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load; Page Loading...

(1 mentioned in)

Loading...

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.16.0
Affects Version/s: 8.15.0
Component/s: None
Labels:

CVSS Score:
4.3
CVSS Severity:
Medium
CVE ID:
CVE-2021-39124

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

*Affected versions:*

version < 8.16.0

*Fixed versions:*

8.16.0

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 01/Sep/2021 11:49 PM

Updated:: 03/Oct/2022 6:11 PM

Resolved:: 14/Sep/2021 4:22 AM

Details

Description

Attachments

Issue Links

Forms

Activity