This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112960Atlassian Jira < 8.19.0 Multiple Vulnerabilities
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.4%
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.19.0. It is, therefore, affected by multiple vulnerabilities:
-
A broken access control vulnerability in the issue notification feature allowing users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked. (CVE-2021-39119)
-
A denial of service (DoS) vulnerability in the GIF Image Reader component allowing remote attackers to impact the application’s availability. (CVE-2021-39116)
-
A vulnerability that permits remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint.
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataRelated
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.4%