CVE-2021-43953

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Data Center +1 more

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.13.16+2

▶CVEListV5atlassian/jira_serverunspecified — 8.13.16+2

▶NVDatlassian/data_center8.14.0 — 8.20.5+1

▶NVDatlassian/jira8.14.0 — 8.20.5+1

🔴Vulnerability Details

GHSA

GHSA-j485-xjwc-7p25: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring s↗2022-02-16

▶

CVEList

CVE-2021-43953: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring s↗2022-02-15

▶