The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72233 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-01T02:30:14.635180Z
Updated: 2024-09-17T03:13:35.908Z
Reserved: 2021-01-25T00:00:00
Link: CVE-2021-26071
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-01T03:15:14.150
Modified: 2024-11-21T05:55:48.767
Link: CVE-2021-26071
Redhat
No data.