Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.21.0, 4.20.2
Affects Version/s: 4.20.0
Component/s: None
Labels:

CVSS Score:
3.1
CVSS Severity:
Medium
CVE ID:
CVE-2021-43948

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature.

The affected versions are before version 4.21.0.

Affected versions:

version < 4.21.0

Fixed versions:

4.21.0

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 22/Dec/2021 3:12 AM

Updated:: 25/Feb/2022 12:13 AM

Resolved:: 15/Feb/2022 3:37 AM

Names of private objects are leaked to unauthorized users via the "Move objects" feature - CVE-2021-43948