nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_113882
May 03, 2023 - 12:00 a.m.

Atlassian Jira Service Management < 4.21.0 Multiple Vulnerabilities

www.tenable.com
atlassian jira service management
multiple vulnerabilities
authenticated attackers
improper authorization
broken access control
information disclosure
cross-site scripting

EPSS: 0.001 (Low)
Percentile: 35.3%

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is prior to version 4.21.0. It is, therefore, affected by multiple vulnerabilities:

  • A flaw which permits authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the “Move objects” feature (CVE-2021-43948).

  • A flaw which permits authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature (CVE-2021-43949).

  • A flaw which permits authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature (CVE-2021-43950).

  • A flaw which permits authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature (CVE-2021-43951).

  • A vulnerability which permits authenticated remote attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the “Object Schema” field of /secure/admin/InsightDefaultCustomFieldConfig.jspa (CVE-2021-43943).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

Vendor: atlassian
Product: jira_service_management
Version: *
CPE: cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:*:*:*:*
