CVE-2021-26073

🗓️ 16 Apr 2021 03:00:19Reported by atlassianType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 96 Views

CVE-2021-26073: Broken Authentication in Atlassian Connect Express (ACE) before 6.6.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-26073	12 Feb 202522:10	–	circl
CNNVD	Bitbucket atlassian-connect-express 授权问题漏洞	15 Apr 202100:00	–	cnnvd
Cvelist	CVE-2021-26073	16 Apr 202103:00	–	cvelist
EUVD	EUVD-2021-12896	7 Oct 202500:30	–	euvd
Github Security Blog	Broken Authentication in Atlassian Connect Express	24 May 202222:28	–	github
NVD	CVE-2021-26073	16 Apr 202103:15	–	nvd
OSV	GHSA-4V96-M8XV-X83V Broken Authentication in Atlassian Connect Express	24 May 202222:28	–	osv
Prion	Authentication flaw	16 Apr 202103:15	–	prion
Positive Technologies	PT-2021-16940 · Atlassian · Connect Express	16 Apr 202100:00	–	ptsecurity
vulnersOsv	@nexus-switchboard/nexus-conn-jira (>=0.1.0 <=0.2.2), @nexus-switchboard/nexus-mod-service (>=0.4.1 <=0.6.3) +1 more potentially affected by CVE-2021-26073 via atlassian-connect-express (>=3.5.2 <=4.4.1)	24 May 202222:28	–	vulnersosv

NVD

Node

atlassian connect_expressRange3.0.2–6.6.0node.js

[
  {
    "product": "Atlassian Connect Express (ACE)",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "3.0.2",
        "versionType": "custom"
      },
      {
        "lessThan": "6.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20210604-0004/
confluence	www.confluence.atlassian.com/pages/viewpage.action
community	www.community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-a%5B%E2%80%A6%5Dypass-of-app-qsh-verification-via-context-jwts/47072

12 Feb 2025 21:15Current

7.4High risk

Vulners AI Score7.4

CVSS 24

CVSS 3.17.7

EPSS0.00343

SSVC

CWE-287