Description

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.

Remediation

References

CVE-2021-39121

Related Vulnerabilities

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)

PHP Improper Preservation of Permissions Vulnerability (CVE-2020-7063)

Oracle HTTP Server Other Vulnerability (CVE-2012-2751)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5593)

WordPress Plugin leenk.me Multiple Vulnerabilities (2.5.0)

Severity

Medium

Classification

CVE-2021-39121

Tags

Missing Update Known Vulnerabilities