CVE-2021-43941

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 66.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.13.15+2

▶NVDatlassian/jira_data_center8.14.0 — 8.20.3+1

▶CVEListV5atlassian/jira_serverunspecified — 8.13.15+2

▶NVDatlassian/jira_server8.14.0 — 8.20.3+1

🔴Vulnerability Details

GHSA

GHSA-fr35-qpgv-g932: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage↗2022-02-16

▶

CVEList

CVE-2021-43941: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage↗2022-02-15

▶