QID 150437

Date Published: 2021-12-09

QID 150437: Atlassian Jira Server Multiple Security Vulnerabilities (JRASERVER-72237, JRASERVER-72761)

Jira is a proprietary issue tracking product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

Multiple vulnerabilities are identified in Atlassian Jira Server:

CVE-2021-39123: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint.

CVE-2021-39124: The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

Affected versions:
versions before 8.16.0

Successful exploitation of these vulnerabilities may allow a remote attacker to impact the application's availability via a Denial of Service (DoS) vulnerability, or to trick a user into retrying a request in order to bypass CSRF protection.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 6.8 severity.

Solution
Upgrade Atlassian Jira to a fixed version.
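As an added illustration (not part of the original advisory), the following check decides whether an installed Jira Server version falls in the affected range stated above (before 8.16.0). It compares versions numerically rather than as strings, which matters because a naive string comparison would wrongly treat 8.5.1 as newer than 8.16.0; the version strings used are constructed samples.

```python
import re

# Fixed version stated in the advisory: everything before 8.16.0 is affected.
FIXED_VERSION = "8.16.0"


def parse_version(version: str) -> tuple:
    """Turn a Jira version string such as '8.13.2' into a comparable tuple.

    Numeric components are compared as integers. A trailing pre-release
    suffix (e.g. '8.16.0-m0001') sorts before the plain release, since a
    pre-release build predates the fixed release.
    """
    match = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(\S+))?", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    # Pad to three components so '8.16' and '8.16.0' compare equal.
    numbers = numbers + (0,) * (3 - len(numbers))
    # Second element: 0 for a pre-release, 1 for a final release.
    return (numbers, 0 if match.group(2) else 1)


def is_affected(installed: str) -> bool:
    """True when the installed Jira Server version is before 8.16.0."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    for host, version in [("jira-a", "8.5.1"), ("jira-b", "8.16.0"), ("jira-c", "8.20.1")]:
        print(host, version, "AFFECTED" if is_affected(version) else "fixed")
```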

    CVEs related to QID 150437

Software Advisories

Advisory ID       Link
JRASERVER-72237   jira.atlassian.com/browse/JRASERVER-72237
JRASERVER-72761   jira.atlassian.com/browse/JRASERVER-72761