Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed several vulnerabilities in Jira. A unauthenticated remote malicious person can exploit the vulnerabilities exploit them to gain access to information about the system or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code...

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

CVE-2021-26076

CVE-2021-26076 concerns the jira.editor.user.mode cookie used by the Jira Editor Plugin on Jira Server/Data Center. The issue arises when the cookie isn’t marked as Secure if Jira is configured to use HTTPS, enabling remote anonymous attackers to perform a man-in-the-middle attack to learn which ...

jira.editor.user.mode cookie missing the secure attribute when Jira is configured with https - CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

jira.editor.user.mode cookie missing the secure attribute when Jira is configured with https - CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...