Lucene search
AtlassianCVELIST:CVE-2021-39126HistorySep 14, 2021 - 12:00 a.m.
CVE-2021-39126
2021-09-1400:00:00
atlassian
www.cve.org
0.002 Low
EPSS
Percentile
52.4%
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user’s CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
CSRF token theft through referrer headers - CVE-2021-39126
2020-11-16 00:12:48
CSRF token theft through referrer headers - CVE-2021-39126
2020-11-16 00:12:48
cnvd
cnvd
Atlassian Jira Code Injection Vulnerability
2021-10-24 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-10-21 03:15:00
nvd
nvd
CVE-2021-39126
2021-10-21 03:15:07
nessus
nessus
Atlassian Jira < 8.5.10 / 8.6.x < 8.13.1 XSRF (JRASERVER-71806)
2022-07-06 00:00:00
cve
cve
CVE-2021-39126
2021-10-21 03:15:07