Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72233HistoryMar 17, 2021 - 9:41 p.m.
CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071
2021-03-1721:41:09
security-metrics-bot
jira.atlassian.com
16
jira
server
data center
csrf
vulnerability
setfeatureenabled.jspa
EPSS
0.001
Percentile
16.2%
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
Affected versions:
- version < 8.5.13
- 8.6.0 ā¤ version < 8.13.5
- 8.14.0 ā¤ version < 8.15.1
Fixed versions:
- 8.5.13
- 8.13.5
- 8.15.1
Related
atlassian
atlassian
CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071
2021-03-17 21:41:09
cve
cve
CVE-2021-26071
2021-04-01 03:15:14
cvelist
cvelist
CVE-2021-26071
2021-04-01 02:30:14
nvd
nvd
CVE-2021-26071
2021-04-01 03:15:14
cnvd
cnvd
prion
prion
Cross site request forgery (csrf)
2021-04-01 03:15:00
nessus
nessus
Atlassian Jira < 8.5.13 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.6.x < 8.13.5 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (2/2)
2021-07-02 00:00:00