CVE-2021-26071

Name of the Vulnerable Software and Affected Versions Jira Server and Data Center versions 8.5.12 and earlier Jira Server and Data Center versions 8.6.0 through 8.13.4 Jira Server and Data Center versions 8.14.0 through 8.15.0

Description The SetFeatureEnabled.jspa resource allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. This issue affects Jira Server and Data Center, enabling attackers to manipulate Jira Software settings without authorization.

Recommendations For versions 8.5.12 and earlier, update to version 8.5.13 or later. For versions 8.6.0 through 8.13.4, update to version 8.13.5 or later. For versions 8.14.0 through 8.15.0, update to version 8.15.1 or later.