CVE-2021-43951

CWE-200Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 45.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Service Management Data CenterAtlassian Jira Service Management ServerAtlassian Jira Service Management
Timeline
PublishedJan 10
Latest updateJan 11

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5atlassian/jira_service_management_data_centerunspecified4.21.0
CVEListV5atlassian/jira_service_management_serverunspecified4.21.0

🔴Vulnerability Details

2
GHSA
GHSA-h599-8w7q-3j7j: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration2022-01-11
CVEList
CVE-2021-43951: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration2022-01-10
CVE-2021-43951 (MEDIUM CVSS 4.3) | Affected versions of Atlassian Jira | cvebase.io