Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0.

Remediation

References

CVE-2021-43953

Related Vulnerabilities

MySQL CVE-2020-14568 Vulnerability (CVE-2020-14568)

WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)

WebLogic CVE-2022-21347 Vulnerability (CVE-2022-21347)

WordPress Other Vulnerability (CVE-2006-4743)

Play Framework Improper Input Validation Vulnerability (CVE-2015-2156)

Severity

Medium

Classification

CVE-2021-43953 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities