Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-10984

Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

    • 3.1
    • Low
    • CVE-2021-43951

      Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

      The affected versions are before version 4.21.0.

      Affected versions:

      • version < 4.21.0

      Fixed versions:

      • 4.21.0

            [JSDSERVER-10984] Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

            David Chan made changes -
            Fix Version/s New: 4.20.4 [ 98814 ]
            Security Metrics Bot made changes -
            CVE ID New: CVE-2021-43951
            AB made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            AB made changes -
            Summary Original: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress New: Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

            AB added a comment - - edited

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 3.1 => Low severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity High
            Privileges Required Low
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality Low
            Integrity None
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

            AB added a comment - - edited This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 3.1 => Low severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
            AB made changes -
            Summary Original: Object import configuration details are leaked via the Create Object type mapping feature New: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            AB made changes -
            Summary Original: Import configuration details are leaked via the Create Object type mapping feature New: Object import configuration details are leaked via the Create Object type mapping feature
            AB made changes -
            Description Original:
            This vulnerability affects certain versions of Atlassian Jira Service Management Server. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            AB made changes -
            Summary Original: REST API endpoint leaked [import details] at private object New: Import configuration details are leaked via the Create Object type mapping feature

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: