Lucene search
+L

5 matches found

vulnersosv
vulnersosv
added 2022/05/24 10:28 p.m.5 views

@nexus-switchboard/nexus-conn-jira (>=0.1.0 <=0.2.2), @nexus-switchboard/nexus-mod-service (>=0.4.1 <=0.6.3) +1 more potentially affected by CVE-2021-26073 via atlassian-connect-express (>=3.5.2 <=4.4.1)

atlassian-connect-express NPM version =3.5.2, =0.1.0, =0.4.1, =0.0.1, =2.0.5 Source cves: CVE-2021-26073 Source advisory: OSV:GHSA-4V96-M8XV-X83V...

7.7CVSS7.1AI score0.00915EPSS
Exploits0
nvd
nvd
added 2021/04/16 3:15 a.m.28 views

CVE-2021-26073

Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...

7.7CVSS0.00915EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2021/04/16 3:0 a.m.6 views

CVE-2021-26073

Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...

7.5AI score0.00915EPSS
Exploits0References3
cvelist
cvelist
added 2021/04/16 3:0 a.m.31 views

CVE-2021-26073

Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...

7.7AI score0.00915EPSS
Exploits0References3
cve
cve
added 2021/04/16 3:0 a.m.110 views

CVE-2021-26073

CVE-2021-26073 affects Atlassian Connect Express (ACE) in Node.js. ACE versions 3.0.2 through 6.5.0 (before 6.6.0) erroneously accept context JWTs on lifecycle endpoints (e.g., installation) where only server-to-server JWTs should be accepted, enabling an attacker to send authenticated re-install...

7.7CVSS7.4AI score0.00915EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder