CVE-2021-43952
published 2022-02-15CVE-2021-43952: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_data_center | < 8.13.18 | 8.13.18 |
| atlassian | jira_data_center | >= 8.20.0 < 8.20.6 | 8.20.6 |
| atlassian | jira_data_center | >= unspecified < 8.21.0 | 8.21.0 |
| atlassian | jira_server | < 8.13.18 | 8.13.18 |
| atlassian | jira_server | >= 8.20.0 < 8.20.6 | 8.20.6 |
| atlassian | jira_server | >= unspecified < 8.21.0 | 8.21.0 |