Atlassian Jira < 8.5.14 Multiple Vulnerabilities

2021-07-0200:00:00

www.tenable.com

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1. It is, therefore, affected by multiple vulnerabilities:

A Cross-Site Scripting (XSS) vulnerability in the EditWorkflowScheme.jspa component. (CVE 2021-26080)
A Cross-Site Scripting (XSS) vulnerability in the number range searcher component. (CVE-2021-26078)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira	*	cpe:2.3:a:atlassian:jira::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26078

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26080

jira.atlassian.com/browse/JRASERVER-72392

jira.atlassian.com/browse/JRASERVER-72432

JSON

Related for WEB_APPLICATION_SCANNING_112816