An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
Published: 2025-02-11T18:15:18.557
Last modified: 2025-07-30T17:20:40.577
Status: Analyzed
CVSSv3.1: 4.3 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | atlassian | jira_data_center | ≤ 8.1.0 | Yes |
Application | atlassian | jira_server | ≤ 8.1.0 | Yes |