Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-10981

Names of private objects are leaked to unauthorized users via the "Move objects" feature - CVE-2021-43948

    XMLWordPrintable

Details

    • 3.1
    • Medium
    • CVE-2021-43948

    Description

      Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature.

      The affected versions are before version 4.21.0.

      Affected versions:

      • version < 4.21.0

      Fixed versions:

      • 4.21.0

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Backbone Issue Sync