CSRF Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Toggling of Thread Contention and CPU Monitoring Settings

CVE-2021-43953 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.
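A log-triage sketch for the endpoint named above, added here as an example and not code from Atlassian or from this advisory: it flags requests to `/secure/admin/ViewInstrumentation.jspa` that did not originate from a Jira page. The combined access-log format, the `JIRA_HOST` value and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the advisory): a reverse proxy in front of Jira writes
# combined-format access logs, and Jira is served from JIRA_HOST.
JIRA_HOST = "jira.example.internal"
ENDPOINT = "/secure/admin/ViewInstrumentation.jspa"  # path named in the advisory

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_requests(lines, jira_host=JIRA_HOST):
    """Return (timestamp, user, reason) for endpoint hits not navigated from Jira."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        # endswith() tolerates a context path such as /jira in front of /secure.
        if not urlsplit(m["target"]).path.endswith(ENDPOINT):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            # A stripped Referer is not proof of forgery, but is worth a look.
            findings.append((m["ts"], m["user"], "no Referer"))
            continue
        ref_host = (urlsplit(referer).hostname or "").lower()
        if ref_host != jira_host.lower():
            findings.append((m["ts"], m["user"], f"cross-origin Referer: {ref_host}"))
    return findings

# Constructed sample log lines, not taken from a real system.
SAMPLE = [
    '10.0.0.5 - admin [12/Mar/2022:10:01:02 +0000] "GET /secure/admin/ViewInstrumentation.jspa HTTP/1.1" 200 5120 "https://jira.example.internal/secure/admin/ViewSystemInfo.jspa" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2022:10:03:40 +0000] "GET /secure/admin/ViewInstrumentation.jspa HTTP/1.1" 200 5120 "https://blog.example.net/post" "Mozilla/5.0"',
    '10.0.0.9 - admin [12/Mar/2022:10:07:11 +0000] "GET /secure/admin/ViewInstrumentation.jspa HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.7 - jdoe [12/Mar/2022:10:09:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9000 "https://blog.example.net/post" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE):
        print(finding)
```

Hits reported here are leads for review on instances still running an affected version; upgrading past the affected ranges removes the exposure itself.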
