Lucene search

[email protected]CVE-2021-43945

HistoryFeb 28, 2022 - 1:15 a.m.

CVE-2021-43945

2022-02-2801:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-43945

atlassian

jira

server

data center

sxss

vulnerability

html

javascript

remote attack

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

28.9%

JSON

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.

CPENameOperatorVersion
atlassian:data_centeratlassian data centerlt8.20.3
atlassian:jiraatlassian jiralt8.20.3

CPE	Name	Operator	Version
atlassian:data_center	atlassian data center	lt	8.20.3
atlassian:jira	atlassian jira	lt	8.20.3

References

jira.atlassian.com/browse/JRASERVER-73069

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for CVE-2021-43945

nessus1 cvelist1 atlassian1 prion1 cnvd1