- Public Security Vulnerability
- Resolution: Fixed
- Low
- 4.20.0
- None
- 3.1
- Low
- CVE-2021-43951
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.
The affected versions are before version 4.21.0.
Affected versions:
- version < 4.21.0
Fixed versions:
- 4.21.0
[JSDSERVER-10984] Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951
Fix Version/s | New: 4.20.4 [ 98814 ] |
CVE ID | New: CVE-2021-43951 |
Resolution | New: Fixed [ 1 ] | |
Security | Original: Atlassian Staff [ 10750 ] | |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Summary | Original: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress | New: Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951 |
Summary | Original: Object import configuration details are leaked via the Create Object type mapping feature | New: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
Summary | Original: Import configuration details are leaked via the Create Object type mapping feature | New: Object import configuration details are leaked via the Create Object type mapping feature |
Description |
Original:
This vulnerability affects certain versions of Atlassian Jira Service Management Server. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent. |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.
The affected versions are before version 4.21.0. *Affected versions:* * version < 4.21.0 *Fixed versions:* * 4.21.0 |
Summary | Original: REST API endpoint leaked [import details] at private object | New: Import configuration details are leaked via the Create Object type mapping feature |
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 3.1 => Low severity
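Exploitability Metrics
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | Low |
User Interaction | None |
Scope Metric
Scope | Unchanged |
Impact Metrics
Confidentiality | Low |
Integrity | None |
Availability | None |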
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N