vulnerability

Atlassian JIRA: Cross-Site Request Forgery (CSRF) (CVE-2021-39126)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Oct 21, 2021	Dec 7, 2021	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Oct 21, 2021

Added

Dec 7, 2021

Modified

Aug 11, 2025

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Solutions

atlassian-jira-upgrade-8_13_2atlassian-jira-upgrade-8_5_10

References

CVE-2021-39126
https://attackerkb.com/topics/CVE-2021-39126
CWE-352

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today