- Public Security Vulnerability
- Resolution: Fixed
- Low
- 4.20.0
- None
- 3.1
- Medium
- CVE-2021-43948
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature.
The affected versions are before version 4.21.0.
Affected versions:
- version < 4.21.0
Fixed versions:
- 4.21.0
[JSDSERVER-10981] Names of private objects are leaked to unauthorized users via the "Move objects" feature - CVE-2021-43948
Field | Original | New |
---|---|---|
Fix Version/s | | 4.20.2 [ 98290 ] |
Remote Link | | This issue links to "Page (Confluence)" [ 622657 ] |
CVE ID | | CVE-2021-43948 |
Resolution | | Fixed [ 1 ] |
Security | Atlassian Staff [ 10750 ] | |
Status | Draft [ 12872 ] | Published [ 12873 ] |
Summary | Names of private objects are leaked to unauthorized users via the "Move objects" feature | Names of private objects are leaked to unauthorized users via the "Move objects" feature - CVE-2021-43948 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Insecure Direct Object References (IDOR) vulnerability in the "Move objects" feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow {authenticated or anonymous?} remote attackers to (insert the impact of the IDOR, e.g. "modify Blah setting", or "view Blah information") via an Insecure Direct Object References (IDOR) vulnerability in {component}.
((Use the `; versions` script here to list the fixed and affected versions)) |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Insecure Direct Object References (IDOR) vulnerability in the "Move objects" feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |