Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)
MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)
WordPress Plugin teachPress Unspecified Vulnerability (5.0.17)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)
Dolibarr Improper Privilege Management Vulnerability (CVE-2020-14201)