CVE-2021-43952

Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.

Reserved 2021-11-16 | Published 2022-02-15 | Updated 2024-10-04 | Assigner atlassian

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Any version before 8.21.0
affected

Any version before 8.21.0
affected

References

jira.atlassian.com/browse/JRASERVER-73138

cve.org (CVE-2021-43952)

nvd.nist.gov (CVE-2021-43952)

Download JSON