• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.21.0, 8.13.16, 8.20.5
• Affects Version/s: 8.20.0
• Component/s: None
• Labels:

  • advisory
  • advisory-released
  • dont-import
  • security

[JRASERVER-73170] CSRF allows toggling Thread Contention and CPU Monitoring - CVE-2021-43953

Edson Araujo made changes - 15/Dec/2023 2:33 PM

Remote Link

Original: This issue links to "JSEC-690 (Bulldog)" [ 622607 ]

New: This issue links to "JSEC-690 (JIRA Server (Bulldog))" [ 622607 ]

Mandeep Jadon made changes - 21/Feb/2023 3:40 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 733449 ]

David Black made changes - 14/Mar/2022 12:31 AM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, from version 8.14.0 before 8.20.5. *Affected versions:*  * version < 8.13.16  * 8.14.0 <= version < 8.20.5 *Fixed versions:*  * 8.13.16  * 8.20.5  * 8.21.0

New: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. *Affected versions:*  * version < 8.13.16  * 8.14.0 <= version < 8.20.5 *Fixed versions:*  * 8.13.16  * 8.20.5  * 8.21.0

David Black made changes - 14/Mar/2022 12:28 AM

Labels

Original: advisory advisory-to-release dont-import security

New: advisory advisory-released dont-import security

David Black made changes - 14/Mar/2022 12:27 AM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0. *Affected versions:*  * version < 8.21.0 *Fixed versions:*  * 8.21.0

New: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, from version 8.14.0 before 8.20.5. *Affected versions:*  * version < 8.13.16  * 8.14.0 <= version < 8.20.5 *Fixed versions:*  * 8.13.16  * 8.20.5  * 8.21.0

Vivek Yadavayyanamath made changes - 21/Feb/2022 2:57 PM

Fix Version/s

New: 8.20.5 [ 98793 ]

Alp made changes - 21/Feb/2022 2:49 PM

Fix Version/s

New: 8.13.16 [ 98194 ]

Filipi Lima made changes - 21/Feb/2022 2:43 PM

Remote Link

New: This issue links to "JSEC-691 (JIRA Server (Bulldog))" [ 622617 ]

Filipi Lima made changes - 21/Feb/2022 1:49 PM

Remote Link

New: This issue links to "JSEC-690 (Bulldog)" [ 622607 ]

Security Metrics Bot made changes - 20/Feb/2022 8:28 PM

CVE ID

New: CVE-2021-43953

Load more older history items