CVE-2021-43952

Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.

Risk Information

Base Score

4.3

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.389

Associated Vulnerability

Vulnerability	OS Platform
Vulnerability CVE-2021-43941,CVE-2021-43944,CVE-2021-43945,CVE-2021-43952 are affected in Atlassian Jira 8.20.2	Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center *	Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.20.3	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234