Lucene search
PRIOn knowledge basePRION:CVE-2021-26077HistoryMay 10, 2021 - 12:15 a.m.
Authentication flaw
2021-05-1000:15:00
PRIOn knowledge base
www.prio-n.com
1
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.
| CPE | Name | Operator | Version |
|---|---|---|---|
| connect_spring_boot | ge | 1.1.0 | |
| connect_spring_boot | lt | 2.1.3 | |
| connect_spring_boot | ge | 2.1.4 | |
| connect_spring_boot | lt | 2.1.5 |
Related
cve
cve
CVE-2021-26077
2021-05-10 00:15:07
osv
osv
Improper Authentication in Atlassian Connect Spring Boot
2021-06-16 17:23:12
nvd
nvd
CVE-2021-26077
2021-05-10 00:15:07
cvelist
cvelist
CVE-2021-26077
2021-05-07 00:00:00
github
github
Improper Authentication in Atlassian Connect Spring Boot
2021-06-16 17:23:12