CVE-2024-21685

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

1.0%

top 23.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Jira Core Data Center

Timeline

PublishedJun 18

Description

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upg…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5atlassian/jira_core_data_center9.12.0 to 9.12.7, 9.4.0 to 9.4.20+1

▶NVDatlassian/jira_data_center9.4.0 — 9.4.21+2

▶NVDatlassian/jira_server9.4.0 — 9.4.21+1

🔴Vulnerability Details

GHSA

GHSA-j6h8-65gx-v495: This High severity Information Disclosure vulnerability was introduced in versions 9↗2024-06-18

▶

CVEList

CVE-2024-21685: This High severity Information Disclosure vulnerability was introduced in versions 9↗2024-06-18

▶

📋Vendor Advisories

Atlassian

CVE-2024-21685: 5.16.0 to 5.16.1 Data Center Only 5.12.8 to 5.12.10 (LTS) recommended 5.4.21 to 5.4.23 (LTS)↗

▶