Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

EUVD-2021-30813

Malicious code in bioql PyPI...

Leaked admin credentials via Insight object import

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the \BaseUrl/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId= endpoint. The affected versions a...

CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0...

Information disclosure

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0...

CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0...