EUVD-2021-30811

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Affected Atlassian Jira versions before 4.21.0 expose private objects via Broken Access Control.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-43949	10 Jan 202218:14	–	circl
CNNVD	Atlassian Jira 信息泄露漏洞	10 Jan 202200:00	–	cnnvd
CNVD	Atlassian Jira Access Control Error Vulnerability (CNVD-2022-05435)	14 Jan 202200:00	–	cnvd
CVE	CVE-2021-43949	10 Jan 202215:26	–	cve
Cvelist	CVE-2021-43949	10 Jan 202215:26	–	cvelist
Atlassian	An unauthorized user can view private objects via the Custom Fields feature - CVE-2021-43949	22 Dec 202103:14	–	atlassian
NVD	CVE-2021-43949	10 Jan 202216:15	–	nvd
OSV	CVE-2021-43949	10 Jan 202216:15	–	osv
Prion	Improper access control	10 Jan 202216:15	–	prion
Vulnrichment	CVE-2021-43949	10 Jan 202215:26	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "025776d4-260b-3332-865a-35737d63450e",
        "vendor": {
          "name": "Atlassian"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4c74d85f-90f5-3064-9041-0dd1993218d1",
        "product": {
          "name": "Jira Service Management Data Center"
        },
        "product_version": "unspecified <4.21.0"
      },
      {
        "id": "805fcf9a-2092-3b1b-a483-474367a83c28",
        "product": {
          "name": "Jira Service Management Server"
        },
        "product_version": "unspecified <4.21.0"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JSDSERVER-10982

03 Oct 2025 20:07Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.3

CVSS 24

EPSS0.00168

SSVC