CVE-2021-39124
published 2021-09-14CVE-2021-39124: The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | data_center | < 8.16.0 | 8.16.0 |
| atlassian | jira | < 8.16.0 | 8.16.0 |
| atlassian | jira_data_center | >= unspecified < 8.16.0 | 8.16.0 |
| atlassian | jira_server | >= unspecified < 8.16.0 | 8.16.0 |