• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 4.21.0, 4.20.4
• Affects Version/s: 4.20.0
• Component/s: None
• Labels:

  • advisory
  • advisory-to-release
  • dont-import
  • security

[JSDSERVER-10984] Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

David Chan made changes - 20/Jan/2022 10:05 PM

Fix Version/s

New: 4.20.4 [ 98814 ]

Security Metrics Bot made changes - 16/Jan/2022 8:28 PM

CVE ID

New: CVE-2021-43951

AB made changes - 10/Jan/2022 6:32 AM

Resolution		New: Fixed [ 1 ]
Security	Original: Atlassian Staff [ 10750 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

AB made changes - 10/Jan/2022 6:32 AM

Summary

Original: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress

New: Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

AB made changes - 06/Jan/2022 1:40 AM

Summary

Original: Object import configuration details are leaked via the Create Object type mapping feature

New: Object import configuration details are leaked via the Create Object type mapping feature - CVE registration for this issue is already in progress

AB made changes - 06/Jan/2022 1:40 AM

Description

Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. *Affected versions:*  * version < 4.21.0 *Fixed versions:*  * 4.21.0

New: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. *Affected versions:*  * version < 4.21.0 *Fixed versions:*  * 4.21.0

AB made changes - 06/Jan/2022 1:39 AM

Summary

Original: Import configuration details are leaked via the Create Object type mapping feature

New: Object import configuration details are leaked via the Create Object type mapping feature

AB made changes - 06/Jan/2022 1:39 AM

Description

Original: This vulnerability affects certain versions of Atlassian Jira Service Management Server. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.

New: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. *Affected versions:*  * version < 4.21.0 *Fixed versions:*  * 4.21.0

AB made changes - 06/Jan/2022 1:38 AM

Summary

Original: REST API endpoint leaked [import details] at private object

New: Import configuration details are leaked via the Create Object type mapping feature

Security Metrics Bot made changes - 22/Dec/2021 3:16 AM

Labels

New: advisory advisory-to-release dont-import security

Security Metrics Bot created issue - 22/Dec/2021 3:16 AM