CVE-2021-43953: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings…

medium4.3CVSS 3.1

AVNACLPRNUIRSUCNINAL

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
atlassian	data_center	< 8.13.16	8.13.16
atlassian	data_center	>= 8.14.0 < 8.20.5	8.20.5
atlassian	jira	< 8.13.16	8.13.16
atlassian	jira	>= 8.14.0 < 8.20.5	8.20.5
atlassian	jira_data_center	>= next of 8.14.0 < unspecified	unspecified
atlassian	jira_data_center	>= unspecified < 8.13.16	8.13.16
atlassian	jira_data_center	>= unspecified < 8.20.5	8.20.5
atlassian	jira_server	>= next of 8.14.0 < unspecified	unspecified
atlassian	jira_server	>= unspecified < 8.13.16	8.13.16
atlassian	jira_server	>= unspecified < 8.20.5	8.20.5