CVE-2021-43949

🗓️ 10 Jan 2022 15:26:24Reported by atlassianType

Authenticated remote attackers can view private objects via Broken Access Control in Atlassian Jira Service Management. Affected versions are before 4.21.0

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-43949	10 Jan 202218:14	–	circl
CNNVD	Atlassian Jira 信息泄露漏洞	10 Jan 202200:00	–	cnnvd
CNVD	Atlassian Jira Access Control Error Vulnerability (CNVD-2022-05435)	14 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-43949	10 Jan 202215:26	–	cvelist
EUVD	EUVD-2021-30811	3 Oct 202520:07	–	euvd
Atlassian	An unauthorized user can view private objects via the Custom Fields feature - CVE-2021-43949	22 Dec 202103:14	–	atlassian
NVD	CVE-2021-43949	10 Jan 202216:15	–	nvd
OSV	CVE-2021-43949	10 Jan 202216:15	–	osv
Prion	Improper access control	10 Jan 202216:15	–	prion
Vulnrichment	CVE-2021-43949	10 Jan 202215:26	–	vulnrichment

NVD

Node

atlassian jira_service_managementRange<4.21.0data_center

atlassian jira_service_managementRange<4.21.0server

[
  {
    "product": "Jira Service Management Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.21.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Jira Service Management Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.21.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JSDSERVER-10982

21 Nov 2024 06:30Current

4.5Medium risk

Vulners AI Score4.5

CVSS 24

CVSS 3.14.3

EPSS0.00168

SSVC

CWE-200