CVE-2021-26076

🗓️ 14 Apr 2021 23:45:19Reported by atlassianType

The Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, 8.6.0 before version 8.13.4, and 8.14.0 before version 8.15.0 allows remote attackers to learn user editing mode due to insecure cookie settings

Reporter	Title	Published	Views	Family All 14
Atlassian	jira.editor.user.mode cookie missing the secure attribute when Jira is configured with https - CVE-2021-26076	24 Mar 202114:00	–	atlassian
Atlassian	jira.editor.user.mode cookie missing the secure attribute when Jira is configured with https - CVE-2021-26076	24 Mar 202114:00	–	atlassian
CNNVD	Atlassian Jira 安全漏洞	14 Apr 202100:00	–	cnnvd
CNVD	Atlassian Jira Server and Data Center has an unspecified vulnerability (CNVD-2021-55941)	8 May 202100:00	–	cnvd
CVE	CVE-2021-26076	14 Apr 202123:45	–	cve
EUVD	EUVD-2021-12898	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Atlassian Jira	16 Apr 202100:00	–	ncsc
NVD	CVE-2021-26076	15 Apr 202100:15	–	nvd
OSV	CVE-2021-26076	15 Apr 202100:15	–	osv
Prion	Hardcoded credentials	15 Apr 202100:15	–	prion

[
  {
    "product": "Jira Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "8.5.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.13.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.15.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Jira Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "8.5.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.13.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.15.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JRASERVER-72252

14 Apr 2021 23:45Current

4.5Medium risk

Vulners AI Score4.5

EPSS0.00214