-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
4.22.1, 4.13.19, 4.20.7
-
None
-
4.6
-
Medium
-
CVE-2021-43959
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.
The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
Affected versions:
- version < 4.13.20
- 4.14.0 ≤ version < 4.20.8
- 4.21.0 ≤ version < 4.22.2
Fixed versions:
- 4.13.20
- 4.20.8
- 4.22.2
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSDSERVER-11898] SSRF via CSV import into JSM Insight - CVE-2021-43959
| Remote Link | New: This issue links to "Page (Confluence)" [ 733361 ] |
| CVE ID | New: CVE-2021-43959 |
| Security | Original: Atlassian Staff [ 10750 ] |
| Labels | Original: advisory advisory-to-release dont-import security | New: advisory advisory-to-release dont-import security 🔢✅ |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
| Summary | Original: SSRF via CSV import into JSM Insight - CVE registration for this issue is already in progress | New: SSRF via CSV import into JSM Insight - CVE-2021-43959 |
| Summary | Original: SSRF via CSV import into JSM Insight | New: SSRF via CSV import into JSM Insight - CVE registration for this issue is already in progress |
| Summary | Original: SSRF via CSV import into JSM Insights | New: SSRF via CSV import into JSM Insight |
| Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the ObjectSchema.jspa endpoint.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2. *Affected versions:* * version < 4.13.20 * 4.14.0 ≤ version < 4.20.8 * 4.21.0 ≤ version < 4.22.2 *Fixed versions:* * 4.13.20 * 4.20.8 * 4.22.2 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2. *Affected versions:* * version < 4.13.20 * 4.14.0 ≤ version < 4.20.8 * 4.21.0 ≤ version < 4.22.2 *Fixed versions:* * 4.13.20 * 4.20.8 * 4.22.2 |
| Summary | Original: An Atlassian product has a security vulnerability. | New: SSRF via CSV import into JSM Insights |