First published: Thu Oct 21 2021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.5.10 | |
| Atlassian Data Center | >=8.6.0, <8.13.1 | |
| Atlassian Server | <8.5.10 | |
| Atlassian Server | >=8.6.0, <8.13.1 | |
The vulnerability ID for this Jira Server and Data Center vulnerability is CVE-2021-39126.
CVE-2021-39126 has a severity level of medium (6.5).
Remote attackers can exploit CVE-2021-39126 by using a Cross-Site Request Forgery (CSRF) vulnerability and an Information Disclosure vulnerability in the referrer headers to modify various resources.
Versions of Atlassian Jira Server before 8.5.10, and from 8.6.0 before 8.13.1, are affected by CVE-2021-39126.
Versions of Atlassian Jira Data Center before 8.5.10, and from 8.6.0 before 8.13.1, are affected by CVE-2021-39126.
Yes, a fix is available for CVE-2021-39126. Please refer to the official reference for more information.
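To make the disclosure mechanism in this advisory concrete, the following is an added example (not Atlassian's code and not part of the advisory). It models what a browser places in the HTTP Referer header under each Referrer-Policy value, and shows that a CSRF token carried in a page URL reaches a cross-origin destination only under the permissive policies, which is why a token-bearing URL plus a weak policy amounts to token disclosure. The URLs, the set of token parameter names (including `atl_token`) and the policy table are this example's own assumptions, not values taken from the advisory.

```python
"""Model of how a CSRF token in a page URL leaks through the Referer
header, and how Referrer-Policy bounds that leak.

Added example for this advisory page; not Atlassian code. URL shapes,
token parameter names and the policy handling below are assumptions
following the Referrer Policy specification.
"""
from urllib.parse import urlsplit, parse_qs

# Query-parameter names treated as CSRF tokens (constructed list; the
# advisory itself does not name the parameter).
TOKEN_PARAMS = {"atl_token", "csrf_token", "token", "xsrf"}


def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def _strip_credentials_and_fragment(url):
    # Browsers never send userinfo or the fragment in Referer.
    p = urlsplit(url)
    netloc = p.netloc.rsplit("@", 1)[-1]
    return f"{p.scheme}://{netloc}{p.path}" + (f"?{p.query}" if p.query else "")


def _is_downgrade(src, dst):
    return urlsplit(src).scheme == "https" and urlsplit(dst).scheme == "http"


def referer_for(policy, src, dst):
    """Referer value sent when a page at `src` requests `dst` under
    `policy`, or None when no Referer is sent."""
    same_origin = _origin(src) == _origin(dst)
    full = _strip_credentials_and_fragment(src)
    origin_only = _origin(src) + "/"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if _is_downgrade(src, dst) else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin_only
    if policy == "strict-origin":
        return None if _is_downgrade(src, dst) else origin_only
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin_only
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if _is_downgrade(src, dst) else origin_only
    if policy == "unsafe-url":
        return full
    raise ValueError(f"unknown policy: {policy}")


def tokens_in_url(url):
    """Token-like query parameters present in `url`."""
    q = parse_qs(urlsplit(url).query)
    return {k: v[0] for k, v in q.items() if k.lower() in TOKEN_PARAMS}


def leaked_tokens(policy, src, dst):
    """Tokens from `src` that reach `dst` inside the Referer header."""
    ref = referer_for(policy, src, dst)
    return {} if ref is None else tokens_in_url(ref)


def leaks_cross_origin(policy, src, dst):
    """True when a token from `src` would reach a different origin."""
    return _origin(src) != _origin(dst) and bool(leaked_tokens(policy, src, dst))


if __name__ == "__main__":
    # Constructed sample: a Jira-style page URL carrying a token, and a
    # third-party image fetched from that page.
    src = "https://jira.example.test/secure/Foo.jspa?atl_token=abc123"
    dst = "https://third-party.example.test/pixel.png"
    for pol in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"):
        print(f"{pol:34} leaks={leaks_cross_origin(pol, src, dst)} referer={referer_for(pol, src, dst)}")
```

The defensive takeaways are the two levers the model exposes: keep the token out of the URL (so nothing token-like survives in `full`), and serve a `Referrer-Policy` of `strict-origin-when-cross-origin` or stricter so that cross-origin requests carry at most the origin. Either change alone stops the cross-origin case; both together also protect against logs and proxies that record full URLs.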