QID 150437
Date Published: 2021-12-09
QID 150437: Atlassian Jira Server Multiple Security Vulnerabilities (JRASERVER-72237, JRASERVER-72761)
Jira is a proprietary issue tracking product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
Multiple vulnerabilities have been identified in Atlassian Jira Server:
CVE-2021-39123: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint.
CVE-2021-39124: The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.
Affected versions:
prior to 8.16.0
Successful exploitation of these vulnerabilities may allow a remote attacker to impact the application's availability via a Denial of Service (DoS) vulnerability, or to trick a user into retrying a request to bypass CSRF protection.
- JRASERVER-72237 - jira.atlassian.com/browse/JRASERVER-72237
- JRASERVER-72761 - jira.atlassian.com/browse/JRASERVER-72761
CVEs related to QID 150437
Advisory ID | Software | Component | Link |
---|---|---|---|
JRASERVER-72237 | | | |
JRASERVER-72761 | | | |