CVE-2021-39112

CWE-1022 CWE-601 — Open Redirect3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 58.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Data Center +1 more

Timeline

PublishedAug 25

Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.5.15+6

▶NVDatlassian/jira_data_center8.6.0 — 8.13.7+2

▶CVEListV5atlassian/jira_serverunspecified — 8.5.15+6

▶NVDatlassian/data_center< 8.5.15

▶NVDatlassian/jira_server8.6.0 — 8.13.7+2

Patches

Patch: jira.atlassian.com ↗Patch: jira.atlassian.com ↗

🔴Vulnerability Details

GHSA

GHSA-m67q-p7gj-2wg9: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulner↗2022-05-24

▶

CVEList

CVE-2021-39112: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulner↗2021-08-25

▶