Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint.

This bug is currently fixed on Jira 8.21.0.
Non LTS versions < 8.21.0 are still affected.

Previous LTS versions affected by this bug: 

• Jira < 8.20.6 and Jira < 8.13.18

The bug fix was backported to the following previous LTS version patches:

• Fixed on Jira 8.20.6 and 8.13.18