Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72715HistoryAug 18, 2021 - 1:00 a.m.
Project key enumeration via the /rest/api/latest/projectvalidate/key endpoint - CVE-2021-39121
2021-08-1801:00:26
security-metrics-bot
jira.atlassian.com
17
0.001 Low
EPSS
Percentile
35.5%
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint.
The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.
Affected versions:
- version < 8.5.18
- 8.6.0 ≤ version < 8.13.10
- 8.14.0 ≤ version < 8.18.2
Fixed versions:
- 8.5.18
- 8.13.10
- 8.18.2
Related
cve
cve
CVE-2021-39121
2021-09-08 02:15:06
nvd
nvd
CVE-2021-39121
2021-09-08 02:15:06
prion
prion
Information disclosure
2021-09-08 02:15:00
cvelist
cvelist
CVE-2021-39121
2021-08-18 00:00:00
atlassian
atlassian
nessus
nessus
Atlassian Jira 8.14.x < 8.18.2 Multiple Vulnerabilities
2021-09-10 00:00:00
Atlassian Jira < 8.5.18 Multiple Vulnerabilities
2021-09-10 00:00:00
Atlassian Jira 8.6.x < 8.13.10 Multiple Vulnerabilities
2021-09-10 00:00:00