CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
atlassiandata_center
𝑥
< 8.5.13
atlassianjira
𝑥
< 8.5.13
atlassianjira_data_center
8.6.0 ≤
𝑥
< 8.13.5
atlassianjira_data_center
8.14.0 ≤
𝑥
< 8.15.1
atlassianjira_server
8.6.0 ≤
𝑥
< 8.13.5
atlassianjira_server
8.14.0 ≤
𝑥
< 8.15.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jira.atlassian.com/browse/JRASERVER-72233
https://jira.atlassian.com/browse/JRASERVER-72233