CVE-2021-43950

CWE-287Improper Authentication3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 41.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Service Management Data CenterAtlassian Jira Service Management ServerAtlassian Jira Service Management
Timeline
PublishedFeb 15
Latest updateFeb 16

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5atlassian/jira_service_management_data_centerunspecified4.21.0
CVEListV5atlassian/jira_service_management_serverunspecified4.21.0

🔴Vulnerability Details

2
GHSA
GHSA-29hh-2h73-48vc: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration2022-02-16
CVEList
CVE-2021-43950: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration2022-02-15
CVE-2021-43950 (MEDIUM CVSS 4.3) | Affected versions of Atlassian Jira | cvebase.io