CVE-2021-39127
published 2021-10-21

Severity: Medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | < 8.5.10 | 8.5.10 |
| atlassian | jira_data_center | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.6.0 < 8.13.1 | 8.13.1 |
| atlassian | jira_data_center | >= unspecified < 8.5.10 | 8.5.10 |
| atlassian | jira_data_center | >= unspecified < 8.13.1 | 8.13.1 |
| atlassian | jira_server | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.6.0 < 8.13.1 | 8.13.1 |
| atlassian | jira_server | >= unspecified < 8.5.10 | 8.5.10 |
| atlassian | jira_server | >= unspecified < 8.13.1 | 8.13.1 |
| atlassian | jira_software_data_center | < 8.5.10 | 8.5.10 |