Description
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
Remediation
References
Related Vulnerabilities
Jenkins Improper Authentication Vulnerability (CVE-2018-1999045)
WordPress Plugin Login Block IPs Cross-Site Request Forgery (1.0.0)
WordPress Plugin Sitemap Index Cross-Site Scripting (1.2.3)
WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Request Forgery (5.6)
WordPress Plugin Crelly Slider Multiple Unspecified Vulnerabilities (1.1.1)