CVE-2021-39126
published 2021-10-21CVE-2021-39126: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF)…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_data_center | < 8.5.10 | 8.5.10 |
| atlassian | jira_data_center | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.6.0 < 8.13.1 | 8.13.1 |
| atlassian | jira_data_center | >= unspecified < 8.5.10 | 8.5.10 |
| atlassian | jira_data_center | >= unspecified < 8.13.1 | 8.13.1 |
| atlassian | jira_server | < 8.5.10 | 8.5.10 |
| atlassian | jira_server | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.6.0 < 8.13.1 | 8.13.1 |
| atlassian | jira_server | >= unspecified < 8.5.10 | 8.5.10 |
| atlassian | jira_server | >= unspecified < 8.13.1 | 8.13.1 |