Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Remediation
References
Related Vulnerabilities
Pega Infinity Exposure of Resource to Wrong Sphere Vulnerability (CVE-2019-16387)
Grafana Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-21725)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
WeBid Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-32166)