CVE-2021-39124

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 61.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Data Center +1 more

Timeline

PublishedSep 14

Latest updateMay 24

Description

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.16.0

▶CVEListV5atlassian/jira_serverunspecified — 8.16.0

▶NVDatlassian/data_center< 8.16.0

▶NVDatlassian/jira< 8.16.0

🔴Vulnerability Details

GHSA

GHSA-67vg-8r27-8fjh: The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8↗2022-05-24

▶

CVEList

CVE-2021-39124: The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8↗2021-09-14

▶