4.3
CVE-2021-26076
- EPSS 0.33%
- Veröffentlicht 15.04.2021 00:15:12
- Zuletzt bearbeitet 21.11.2024 05:55:49
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginThe jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Data Center Version < 8.5.12
Atlassian ≫ Jira Data Center Version >= 8.6.0 < 8.13.4
Atlassian ≫ Jira Data Center Version >= 8.14.0 < 8.15.1
Atlassian ≫ Jira Server Version >= 8.6.0 < 8.13.4
Atlassian ≫ Jira Server Version >= 8.14.0 < 8.15.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.551 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|