vulnerability

Atlassian JIRA: Exposure of Resource to Wrong Sphere (CVE-2021-39127)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Oct 21, 2021	Dec 7, 2021	Dec 7, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Oct 21, 2021

Added

Dec 7, 2021

Modified

Dec 7, 2021

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Solutions

atlassian-jira-upgrade-8_13_1atlassian-jira-upgrade-8_5_10

References

CVE-2021-39127
https://attackerkb.com/topics/CVE-2021-39127

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today