Date Published: 2021-11-09
QID 150381: Atlassian Jira Multiple Vulnerabilities (JULY 2021)
Jira is a proprietary issue tracking product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
Multiple vulnerabilities have been identified in Atlassian Jira Server:
CVE-2021-26081 : User enumeration vulnerability in the REST API.
CVE-2021-26082 : Cross-Site Scripting (XSS) vulnerability in XML Export.
CVE-2021-26083 : Cross-Site Scripting (XSS) vulnerability in Export HTML Report feature.
Affected versions:
before version 8.5.14
from version 8.6.0 before 8.13.6
from version 8.14.0 before 8.17.0
NOTE: CVE-2021-26083 and CVE-2021-26081 are not applicable to Atlassian Jira Server versions from 8.16.1 to 8.17.0.
Successful exploitation would allow remote attackers to gain access to sensitive information and launch further attacks against the affected system.
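For triaging an inventory against this QID, the version ranges and the NOTE above can be encoded as a per-CVE check. This is an added example, not code from Qualys or Atlassian; the function names and the sample hostnames and versions are constructed for illustration.

```python
import re

# Affected ranges from the advisory: (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ((0, 0, 0), (8, 5, 14)),    # before version 8.5.14
    ((8, 6, 0), (8, 13, 6)),    # from version 8.6.0 before 8.13.6
    ((8, 14, 0), (8, 17, 0)),   # from version 8.14.0 before 8.17.0
]
ALL_CVES = {"CVE-2021-26081", "CVE-2021-26082", "CVE-2021-26083"}
# Per the advisory NOTE, these two do not apply from 8.16.1 to 8.17.0.
NOT_APPLICABLE_FROM_8_16_1 = {"CVE-2021-26081", "CVE-2021-26083"}


def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple of ints.

    Simplification (assumption): any trailing build or pre-release text is ignored.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def applicable_cves(version_text):
    """Return the sorted CVE IDs from QID 150381 that apply to this version."""
    v = parse_version(version_text)
    if not any(lo <= v < hi for lo, hi in AFFECTED_RANGES):
        return []
    cves = set(ALL_CVES)
    if (8, 16, 1) <= v <= (8, 17, 0):
        cves -= NOT_APPLICABLE_FROM_8_16_1
    return sorted(cves)


if __name__ == "__main__":
    # Constructed inventory (hostnames and versions are made up).
    inventory = {
        "jira-prod": "8.13.5",
        "jira-test": "8.16.1",
        "jira-lts": "8.5.14",
        "jira-new": "8.17.0",
    }
    for host, version in inventory.items():
        cves = applicable_cves(version)
        status = ", ".join(cves) if cves else "not affected"
        print(f"{host:10s} {version:8s} {status}")
```

Hosts that report only CVE-2021-26082 fall in the 8.16.1 to 8.17.0 window from the NOTE and still need the upgrade to a fixed release.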