Atlassian Jira Server jira-importers-plugin跨站请求伪造漏洞

Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from jira-importers-plugin being misconfigured with XSRF protection. An...

jira-importers-plugin has misconfigured XSRF protection - CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...