-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
4.20.0
-
None
-
2.7
-
Low
-
CVE-2021-43950
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.
The affected versions are before version 4.21.0.
Affected versions:
- version < 4.21.0
Fixed versions:
- 4.21.0
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSDSERVER-10983] Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950
| Fix Version/s | New: 4.20.2 [ 98290 ] |
| CVE ID | New: CVE-2021-43950 |
| Resolution | New: Fixed [ 1 ] | |
| Security | Original: Atlassian Staff [ 10750 ] | |
| Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
| Summary | Original: Import source configuration information is leaked via the Insight Import Source feature - CVE registration for this issue is already in progress | New: Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950 |
| Summary | Original: Import source configuration information is leaked via the Insight Import Source feature | New: Import source configuration information is leaked via the Insight Import Source feature - CVE registration for this issue is already in progress |
| Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.3 => Medium severity
Exploitability Metrics
| Attack Vector | Network |
|---|---|
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
Scope Metric
| Scope | Unchanged |
|---|
Impact Metrics
| Confidentiality | Low |
|---|---|
| Integrity | None |
| Availability | None |
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in {component}.
((Use the `; versions` script here to list the fixed and affected versions)) |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with administrator privileges to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
| Summary | Original: Import source config information is leaked via the Insight Import Source feature | New: Import source configuration information is leaked via the Insight Import Source feature |
at least some information regarding the LTS releases would be appreciated ...