Username enumeration on Jira Software Server 8.15 - CVE-2021-26081

2021-06-0901:05:42

security-metrics-bot

jira.atlassian.com

0.002 Low

EPSS

Percentile

55.9%

JSON

Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API.

CVE-2021-26081

The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before 8.16.1, from version 8.17.0 before 8.16.2, and from version 8.17.0 before 8.17.0.

Affected versions:

version < 8.5.14
8.6.0 ≤ version < 8.13.6
8.14.0 ≤ version < 8.16.1

Fixed versions:

8.5.14
8.13.6
8.16.1
8.16.2
8.17.0

CPENameOperatorVersion
jira server and data centerle8.16.0
jira server and data centerlt8.16.2
jira server and data centerle8.5.13
jira server and data centerlt8.17.0
jira server and data centerlt8.13.6
jira server and data centerlt8.16.1
jira server and data centerle8.15.1
jira server and data centerle8.13.5
jira server and data centerlt8.5.14

Name	Operator	Version
jira server and data center	le	8.16.0
jira server and data center	lt	8.16.2
jira server and data center	le	8.5.13
jira server and data center	lt	8.17.0
jira server and data center	lt	8.13.6
jira server and data center	lt	8.16.1
jira server and data center	le	8.15.1
jira server and data center	le	8.13.5
jira server and data center	lt	8.5.14

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for ATLASSIAN:JRASERVER-72499