CVE-2021-26081
Published on: 07/19/2021 12:00:00 AM UTC
Last Modified on: 03/30/2022 01:29:00 PM UTC
Certain versions of Data Center from Atlassian contain the following vulnerability:
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
- CVE-2021-26081 has been assigned by
securit[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[JRASERVER-72499] Username enumeration on Jira Software Server 8.15 - CVE-2021-26081 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html |
![]() |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Data Center | All | All | All | All |
Application | Atlassian | Jira | All | All | All | All |
Application | Atlassian | Jira Data Center | All | All | All | All |
Application | Atlassian | Jira Server | All | All | All | All |
- cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-26081 : REST API in #Atlassian #Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0… twitter.com/i/web/status/1… | 2021-07-20 03:29:18 |
![]() |
RT: CVE-2021-26081 REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.… twitter.com/i/web/status/1… | 2021-07-20 07:21:33 |
![]() |
CVE-2021-26081 | 2021-07-20 03:40:30 |