CVE-2021-26071
Published on: 03/31/2021 12:00:00 AM UTC
Last Modified on: 03/30/2022 01:29:00 PM UTC
Certain versions of Data Center from Atlassian contain the following vulnerability:
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
- CVE-2021-26071 has been assigned by
securit[email protected] to track the vulnerability - currently rated as LOW severity.
CVSS3 Score: 3.5 - LOW
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[JRASERVER-72233] CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html |
![]() |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Data Center | All | All | All | All |
Application | Atlassian | Jira | All | All | All | All |
Application | Atlassian | Jira Data Center | All | All | All | All |
Application | Atlassian | Jira Server | All | All | All | All |
- cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-26071 : The SetFeatureEnabled.jspa resource in #Jira Server and Data Center before version 8.5.13, from ve… twitter.com/i/web/status/1… | 2021-04-01 02:35:57 |