Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

Remediation

References

CVE-2021-26070

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29046)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-2750)

WordPress Plugin Admin Columns Cross-Site Scripting (4.3.1)

Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)

Rukovoditel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11818)

Severity

High

Classification

CVE-2021-26070 CWE-287

Tags

Missing Update Known Vulnerabilities