Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint.
This bug is currently fixed on Jira 8.21.0.
Non LTS versions < 8.21.0 are still affected.
Previous LTS versions affected by this bug:
- Jira < 8.20.6 and Jira < 8.13.18
The bug fix was backported to the following previous LTS version patches:
- Fixed on Jira 8.20.6 and 8.13.18