Description

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.

Remediation

References

CVE-2021-26071

Related Vulnerabilities

WordPress Plugin CP Contact Form with PayPal Multiple Vulnerabilities (1.1.5)

MySQL CVE-2022-21336 Vulnerability (CVE-2022-21336)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13590)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6103)

SharePoint CVE-2021-31963 Vulnerability (CVE-2021-31963)

Severity

Low

Classification

CVE-2021-26071 CWE-352

Tags

Missing Update Known Vulnerabilities