CVE-2021-43952

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 39.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.21.0

▶NVDatlassian/jira_data_center8.20.0 — 8.20.6+1

▶CVEListV5atlassian/jira_serverunspecified — 8.21.0

▶NVDatlassian/jira_server8.20.0 — 8.20.6+1

🔴Vulnerability Details

GHSA

GHSA-25qr-gjf9-whgm: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a↗2022-02-16

▶

CVEList

CVE-2021-43952: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a↗2022-02-15

▶