CVE-2021-41306
Published on: 10/26/2021 12:00:00 AM UTC
Last Modified on: 05/03/2022 04:04:00 PM UTC
Certain versions of Jira from Atlassian contain the following vulnerability:
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
- CVE-2021-41306 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[JRASERVER-72915] Anonymous users can view names of private projects and filters via Average Time in Status Gadget - CVE-2021-41306 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html | MISC jira.atlassian.com/browse/JRASERVER-72915 |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Jira | All | All | All | All |
Application | Atlassian | Jira Server | All | All | All | All |
Application | Atlassian | Jira Software Data Center | All | All | All | All |
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2021-41306 : Affected versions of #Atlassian #Jira Server and Data Center allow anonymous remote attackers to v… twitter.com/i/web/status/1… | 2021-10-26 04:19:38 |
@SecRiskRptSME | RT: CVE-2021-41306 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to… twitter.com/i/web/status/1… | 2021-10-26 07:33:20 |