QID 150381

Date Published: 2021-11-09

QID 150381: Atlassian Jira Multiple Vulnerabilities (JULY 2021)

Jira is a proprietary issue tracking product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

Multiple vulnerabilities have been identified in Atlassian Jira Server:
CVE-2021-26081: User enumeration vulnerability in the REST API.
CVE-2021-26082: Cross-Site Scripting (XSS) vulnerability in XML Export.
CVE-2021-26083: Cross-Site Scripting (XSS) vulnerability in the Export HTML Report feature.

Affected versions:
before version 8.5.14
from version 8.6.0 before 8.13.6
from version 8.14.0 before 8.17.0

NOTE: CVE-2021-26083 and CVE-2021-26081 do not apply to Atlassian Jira Server versions from 8.16.1 to 8.17.0.

Successful exploitation would allow remote attackers to gain access to sensitive information and launch further attacks against the affected system.

  • CVSS V3 rated as Medium - 5.4 severity.
  • CVSS V2 rated as Medium - 5 severity.

Solution

Upgrade Atlassian Jira to a new version.

Software Advisories

Advisory ID: JRASERVER-72499
Link: jira.atlassian.com/browse/JRASERVER-72499