Description
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.
Remediation
References