Home

CVE-2021-39126

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a users CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.196

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-39126,CVE-2021-39127 are affected in Atlassian Jira 8.5.9Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.5.9Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234