The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-04-01T02:30:14.635180Z

Updated: 2024-09-17T03:13:35.908Z

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26071

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-01T03:15:14.150

Modified: 2024-11-21T05:55:48.767

Link: CVE-2021-26071

cve-icon Redhat

No data.