CVE-2021-43959

Summary

CVE	CVE-2021-43959
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-26 08:15:00 UTC
Updated	2022-08-02 14:02:00 UTC
Description	Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

Risk And Classification

Problem Types: CWE-918

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Atlassian	Jira Service Desk	All	All	All	All
Application	Atlassian	Jira Service Desk	All	All	All	All
Application	Atlassian	Jira Service Management	All	All	All	All
Application	Atlassian	Jira Service Management	All	All	All	All

References

Reference	Source	Link	Tags
Log in with Atlassian account	N/A	jira.atlassian.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

730576 Atlassian Jira Service Management Server and Data Center CSV Import Vulnerability (JSDSERVER-11898)