Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Remediation
References
Related Vulnerabilities
Next.js CVE-2022-21721 Vulnerability (CVE-2022-21721)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9775)
WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)