Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12..

Remediation

References

CVE-2021-41305

Related Vulnerabilities

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.81)

Drupal CVE-2017-6930 Vulnerability (CVE-2017-6930)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3766)

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)

WordPress Plugin Simple Image Sizes Unspecified Vulnerability (2.2.4)

Severity

High

Classification

CVE-2021-41305 CWE-639

Tags

Missing Update Known Vulnerabilities