Cross-Site Request Forgery Vulnerability in Atlassian Jira Server and Data Center
CVE-2021-43941

6.5MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Server; Jira Data Center
Vendor: CVE Published:; 15 February 2022

Summary

A serious security flaw exists in Atlassian Jira Server and Data Center, specifically within the jira-importers-plugin, which permits remote attackers to manipulate multiple resources, such as CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa. This vulnerability impacts versions released prior to 8.13.15 and those from 8.14.0 up to but not including 8.20.3, highlighting a need for users to upgrade promptly to safeguard their systems from potential unauthorized actions.

Affected Version(s)

Jira Data Center < 8.13.15

Jira Data Center 8.14.0

Jira Data Center < 8.20.3

References

https://jira.atlassian.com/browse/JRASERVER-73073

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Nov 16, 2021