Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-10983

Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950

    • 2.7
    • Low
    • CVE-2021-43950

      Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.

      The affected versions are before version 4.21.0.

      Affected versions:

      • version < 4.21.0

      Fixed versions:

      • 4.21.0

          Form Name

            [JSDSERVER-10983] Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950

            Sam Xu made changes -
            Fix Version/s New: 4.20.2 [ 98290 ]
            Security Metrics Bot made changes -
            CVE ID New: CVE-2021-43950
            AB made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            AB made changes -
            Summary Original: Import source configuration information is leaked via the Insight Import Source feature - CVE registration for this issue is already in progress New: Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950
            AB made changes -
            Summary Original: Import source configuration information is leaked via the Insight Import Source feature New: Import source configuration information is leaked via the Insight Import Source feature - CVE registration for this issue is already in progress
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in {component}.

            ((Use the `; versions` script here to list the fixed and affected versions))
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            AB made changes -
            Summary Original: Import source config information is leaked via the Insight Import Source feature New: Import source configuration information is leaked via the Insight Import Source feature
            AB made changes -
            Description Original:
            This vulnerability affects certain versions of Atlassian Jira Service Management Server. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in {component}.

            ((Use the `; versions` script here to list the fixed and affected versions))
            AB made changes -
            Summary Original: REST API endpoint leaked import source config info by [insight import source] New: Import source config information is leaked via the Insight Import Source feature

              skaur@atlassian.com Saranjeet Kaur (Inactive)
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: