Date Published: 2021-11-24
QID 730280: Atlassian Jira Server and Data Center Cross-Site Request Forgery (CSRF) Vulnerability (JRASERVER-71806)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
CVE-2021-39126:Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token..
Atlassian Jira Server and Data Center version prior to 8.5.10
Atlassian Jira Server and Data Center version from 8.6.0 to 8.13.0
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.
Successful exploitation of this vulnerability will allow to capture the referrer headers which discloses a user's CSRF token
- JRASERVER-71806 - jira.atlassian.com/browse/JRASERVER-71806
CVEs related to QID 730280