4.9
CVE-2021-39112
- EPSS 0.28%
- Veröffentlicht 25.08.2021 03:15:06
- Zuletzt bearbeitet 21.11.2024 06:18:35
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginAffected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Data Center Version < 8.5.15
Atlassian ≫ Jira Data Center Version >= 8.6.0 < 8.13.7
Atlassian ≫ Jira Data Center Version >= 8.14.0 < 8.17.1
Atlassian ≫ Jira Data Center Version >= 8.18.0 < 8.18.1
Atlassian ≫ Jira Server Version >= 8.6.0 < 8.13.7
Atlassian ≫ Jira Server Version >= 8.14.0 < 8.17.1
Atlassian ≫ Jira Server Version >= 8.18.0 < 8.18.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.51 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:P/I:P/A:N
|
CWE-1022 Use of Web Link to Untrusted Target with window.opener Access
The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.