CVE-2021-39126

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.5.10 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.1

Description The issue allows remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token.

Recommendations For versions prior to 8.5.10, update to version 8.5.10 or later. For versions 8.6.0 through 8.13.1, update to version 8.13.2 or later. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.