QID 730197

Date Published: 2021-09-20

QID 730197: Atlassian Jira Server and Data Center Information Disclosure Vulnerability (JRASERVER-72009)

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

CVE-2021-39125: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page.

Affected version:
Atlassian Jira Server and Data Center version prior to 8.5.10
Atlassian Jira Server and Data Center version from 8.6.0 prior to 8.13.1

QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.

Successful exploitation of this vulnerability may allow a remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page.

  • CVSS V3 rated as Medium - 5.3 severity.
  • CVSS V2 rated as Medium - 5 severity.
  • Solution
    Customers are advised to refer to JRASERVER-72009 for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 730197

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-72009 URL Logo jira.atlassian.com/browse/JRASERVER-72009