virus logo FortiClient Vulnerability

Atlassian Jira Software Server CVE-2021-26076 Vulnerability

description-logoDescription

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https.

affected-products-logoAffected Applications

Jira Software Server

CVE References

CVE-2021-26076

Other References

https://jira.atlassian.com/projects/JRASERVER/issues/
ID 74273
Created Dec 20, 2022
Description
Updated		 Dec 14, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Atlassian
Patch manual
Application Jira Software Server