CVE-2021-43948 — Incorrect Authorization in Atlassian Jira Service Management Data Center

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 41.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Service Management Data Center Atlassian Jira Service Management Server Atlassian Jira Service Management

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5atlassian/jira_service_management_data_centerunspecified — 4.21.0

▶CVEListV5atlassian/jira_service_management_serverunspecified — 4.21.0

▶NVDatlassian/jira_service_management< 4.21.0

🔴Vulnerability Details

GHSA

GHSA-9h25-h4g5-wgwf: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private object↗2022-02-16

▶

CVEList

CVE-2021-43948: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private object↗2022-02-15

▶