CVE-2021-39119

EPSS 0.19%
Veröffentlicht 01.09.2021 23:15:07
Zuletzt bearbeitet 21.11.2024 06:18:37
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Data Center Version < 8.19.0

Atlassian ≫ Jira Version < 8.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://jira.atlassian.com/browse/JRASERVER-72737

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39119

EUVD