Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.21.0, 4.20.4
Affects Version/s: 4.20.0
Component/s: None
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium
CVE ID:
CVE-2021-43949

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature.

The affected versions are before version 4.21.0.

Affected versions:

version < 4.21.0

Fixed versions:

4.21.0

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Dec/2021 3:14 AM

Updated:: 04/Feb/2022 5:14 AM

Resolved:: 10/Jan/2022 6:24 AM

An unauthorized user can view private objects via the Custom Fields feature - CVE-2021-43949