CVE-2021-43953 - Vulnerability Details

Vendors	Products
Atlassian	Data Center Jira

Link	Providers
https://jira.atlassian.com/browse/JRASERVER-73170

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Jira Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.16", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "next of 8.14.0", "versionType": "custom"}, {"lessThan": "8.20.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.16", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "next of 8.14.0", "versionType": "custom"}, {"lessThan": "8.20.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-01-06T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-14T01:45:17", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-73170"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-43953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.16"}, {"version_affected": ">", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.20.5"}]}}, {"product_name": "Jira Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.16"}, {"version_affected": ">", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.20.5"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-73170", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-73170"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:16.450Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-73170"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T14:38:34.132122Z", "id": "CVE-2021-43953", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:38:59.629Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-43953", "datePublished": "2022-02-15T02:40:10.288350Z", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-10-08T14:38:59.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Jira Server (string)

vendor : Atlassian (string)

versions : [ »

0 : { »

lessThan : 8.13.16 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : unspecified (string)

status : affected (string)

version : next of 8.14.0 (string)

versionType : custom (string)

}

2 : { »

lessThan : 8.20.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : Jira Data Center (string)

vendor : Atlassian (string)

versions : [ »

0 : { »

lessThan : 8.13.16 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : unspecified (string)

status : affected (string)

version : next of 8.14.0 (string)

versionType : custom (string)

}

2 : { »

lessThan : 8.20.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

datePublic : 2022-01-06T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Cross-Site Request Forgery (CSRF) (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-03-14T01:45:17 (string)

orgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

shortName : atlassian (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@atlassian.com (string)

DATE_PUBLIC : 2022-01-06T00:00:00 (string)

ID : CVE-2021-43953 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Jira Server (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 8.13.16 (string)

}

1 : { »

version_affected : > (string)

version_value : 8.14.0 (string)

}

2 : { »

version_affected : < (string)

version_value : 8.20.5 (string)

}

]

}

1 : { »

product_name : Jira Data Center (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 8.13.16 (string)

}

1 : { »

version_affected : > (string)

version_value : 8.14.0 (string)

}

2 : { »

version_affected : < (string)

version_value : 8.20.5 (string)

}

]

}

]

}

vendor_name : Atlassian (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Cross-Site Request Forgery (CSRF) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

refsource : MISC (string)

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T04:10:16.450Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-08T14:38:34.132122Z (string)

id : CVE-2021-43953 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T14:38:59.629Z (string)

}

]

}

cveMetadata : { »

assignerOrgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

assignerShortName : atlassian (string)

cveId : CVE-2021-43953 (string)

datePublished : 2022-02-15T02:40:10.288350Z (string)

dateReserved : 2021-11-16T00:00:00 (string)

dateUpdated : 2024-10-08T14:38:59.629Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.atlassian.com/browse/JRASERVER-73170", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:16.450Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-43953", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T14:38:34.132122Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:38:54.995Z"}}], "cna": {"affected": [{"vendor": "Atlassian", "product": "Jira Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.13.16", "versionType": "custom"}, {"status": "affected", "version": "next of 8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.20.5", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.13.16", "versionType": "custom"}, {"status": "affected", "version": "next of 8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.20.5", "versionType": "custom"}]}], "datePublic": "2022-01-06T00:00:00", "references": [{"url": "https://jira.atlassian.com/browse/JRASERVER-73170", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2022-03-14T01:45:17"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "8.13.16", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">"}, {"version_value": "8.20.5", "version_affected": "<"}]}, "product_name": "Jira Server"}, {"version": {"version_data": [{"version_value": "8.13.16", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">"}, {"version_value": "8.20.5", "version_affected": "<"}]}, "product_name": "Jira Data Center"}]}, "vendor_name": "Atlassian"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://jira.atlassian.com/browse/JRASERVER-73170", "name": "https://jira.atlassian.com/browse/JRASERVER-73170", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery (CSRF)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-43953", "STATE": "PUBLIC", "ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-01-06T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-43953", "state": "PUBLISHED", "dateUpdated": "2024-10-08T14:38:59.629Z", "dateReserved": "2021-11-16T00:00:00", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "datePublished": "2022-02-15T02:40:10.288350Z", "assignerShortName": "atlassian"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T04:10:16.450Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-43953 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-08T14:38:34.132122Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T14:38:54.995Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : Atlassian (string)

product : Jira Server (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.13.16 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : next of 8.14.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.20.5 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : Atlassian (string)

product : Jira Data Center (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.13.16 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : next of 8.14.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.20.5 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2022-01-06T00:00:00 (string)

references : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

tags : [ »

0 : x_refsource_MISC (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Cross-Site Request Forgery (CSRF) (string)

}

]

}

]

providerMetadata : { »

orgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

shortName : atlassian (string)

dateUpdated : 2022-03-14T01:45:17 (string)

}

x_legacyV4Record : { »

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

version : { »

version_data : [ »

0 : { »

version_value : 8.13.16 (string)

version_affected : < (string)

}

1 : { »

version_value : 8.14.0 (string)

version_affected : > (string)

}

2 : { »

version_value : 8.20.5 (string)

version_affected : < (string)

}

]

}

product_name : Jira Server (string)

}

1 : { »

version : { »

version_data : [ »

0 : { »

version_value : 8.13.16 (string)

version_affected : < (string)

}

1 : { »

version_value : 8.14.0 (string)

version_affected : > (string)

}

2 : { »

version_value : 8.20.5 (string)

version_affected : < (string)

}

]

}

product_name : Jira Data Center (string)

}

]

}

vendor_name : Atlassian (string)

}

]

}

data_type : CVE (string)

references : { »

reference_data : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

name : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

refsource : MISC (string)

}

]

}

data_format : MITRE (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Cross-Site Request Forgery (CSRF) (string)

}

]

}

]

}

data_version : 4.0 (string)

CVE_data_meta : { »

ID : CVE-2021-43953 (string)

STATE : PUBLIC (string)

ASSIGNER : security@atlassian.com (string)

DATE_PUBLIC : 2022-01-06T00:00:00 (string)

}

cveMetadata : { »

cveId : CVE-2021-43953 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-08T14:38:59.629Z (string)

dateReserved : 2021-11-16T00:00:00 (string)

assignerOrgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

datePublished : 2022-02-15T02:40:10.288350Z (string)

assignerShortName : atlassian (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "41483020-6F56-4029-82E4-F1A4923EB5CA", "versionEndExcluding": "8.13.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E28AEDF-EC6A-4DC0-ADDF-81EDB5779FC9", "versionEndExcluding": "8.20.5", "versionStartIncluding": "8.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "27FAE5C6-CDD8-4658-A50E-91C866CDE9B2", "versionEndExcluding": "8.13.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0B3423A-909E-4FD2-9036-6962E1EC0E1D", "versionEndExcluding": "8.20.5", "versionStartIncluding": "8.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos no autentificados cambiar la configuraci\u00f3n de la retenci\u00f3n de hilos y la monitorizaci\u00f3n de la CPU a trav\u00e9s de una vulnerabilidad de falsificaci\u00f3n de solicitud de sitio cruzado (CSRF) en el punto final /secure/admin/ViewInstrumentation.jspa. Las versiones afectadas son anteriores a la versi\u00f3n 8.13.16, y desde la versi\u00f3n 8.14.0 hasta la 8.20.5"}], "id": "CVE-2021-43953", "lastModified": "2024-11-21T06:30:04.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-15T03:15:07.497", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-73170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-73170"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 41483020-6F56-4029-82E4-F1A4923EB5CA (string)

versionEndExcluding : 8.13.16 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E28AEDF-EC6A-4DC0-ADDF-81EDB5779FC9 (string)

versionEndExcluding : 8.20.5 (string)

versionStartIncluding : 8.14.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 27FAE5C6-CDD8-4658-A50E-91C866CDE9B2 (string)

versionEndExcluding : 8.13.16 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A0B3423A-909E-4FD2-9036-6962E1EC0E1D (string)

versionEndExcluding : 8.20.5 (string)

versionStartIncluding : 8.14.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. (string)

}

1 : { »

lang : es (string)

value : Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos no autentificados cambiar la configuración de la retención de hilos y la monitorización de la CPU a través de una vulnerabilidad de falsificación de solicitud de sitio cruzado (CSRF) en el punto final /secure/admin/ViewInstrumentation.jspa. Las versiones afectadas son anteriores a la versión 8.13.16, y desde la versión 8.14.0 hasta la 8.20.5 (string)

}

]

id : CVE-2021-43953 (string)

lastModified : 2024-11-21T06:30:04.570 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-02-15T03:15:07.497 (string)

references : [ »

0 : { »

source : security@atlassian.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-73170 (string)

}

]

sourceIdentifier : security@atlassian.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object