Synopsis
The remote web server hosts a web application that is potentially affected by a CSRF vulnerability.

Description
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.6.1. Therefore, the Jira-importers-plugin in Atlassian Jira allows remote attackers to create new projects and abort an executing external system import via various cross-site request forgery (CSRF) vulnerabilities. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL.

Solution
Upgrade to Atlassian JIRA version 7.6.1, 7.7.0, or later.