CVE-2021-43959

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

5.7MEDIUM

EPSS

0.3%

top 49.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Service Management Data Center Atlassian Jira Service Management Server Atlassian Jira Service Desk +1 more

Timeline

PublishedJul 26

Latest updateJul 27

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20,…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5atlassian/jira_service_management_serverunspecified — 4.13.20+4

▶CVEListV5atlassian/jira_service_management_data_centerunspecified — 4.13.20+4

▶NVDatlassian/jira_service_management4.14.0 — 4.20.8+1

▶NVDatlassian/jira_service_desk< 4.13.20

🔴Vulnerability Details

GHSA

GHSA-5rqp-fx48-4mvw: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal n↗2022-07-27

▶

CVEList

CVE-2021-43959: Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal n↗2022-07-26

▶