3 matches found
CVE-2021-21371
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
CVE-2021-21371 Execution of untrusted code through config file
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
CVE-2021-21371
CVE-2021-21371 affects Tenable for Jira Cloud (tenable-jira-cloud) prior to version 1.1.21. The underlying issue is an insecure YAML handling: yaml.load() enables an attacker with local host access to execute arbitrary code via a crafted YAML configuration. Remediation: upgrade to version 1.1.21 ...