Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.18.0, 8.13.9
Affects Version/s: 8.17.0, 8.13.8
Component/s: None
Labels:

CVSS Score:
4
CVSS Severity:
Medium
CVE ID:
CVE-2021-39113

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature.

The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.

*Affected versions:*

version < 8.13.9
8.14.0 ≤ version < 8.18.0

*Fixed versions:*

8.13.9
8.18.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Jul/2021 12:39 AM

Updated:: 17/Oct/2021 8:24 PM

Resolved:: 01/Sep/2021 11:02 PM