WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2021-43948)

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.

Remediation

References

Related Vulnerabilities

WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)

WordPress Plugin Check & Log Email Cross-Site Scripting (0.3)

WordPress Plugin Evarisk 'uploadPhotoApres.php' Arbitrary File Upload (5.1.5.4)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10384)

Oracle Application Server CVE-2009-0989 Vulnerability (CVE-2009-0989)

Severity

Medium

Classification

CVE-2021-43948 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities