Authentication Bypass in SAML SSO Apps for Atlassian Products
CVE-2021-37843

9.8CRITICAL

Key Information:

Vendor: Atlassian
Status: Saml Single Sign On
Vendor: CVE Published:; 2 August 2021

Summary

This vulnerability allows a remote attacker to gain unauthorized access to user accounts in SAML SSO applications used by Atlassian products, merely by knowing the username. No additional authentication is needed, making it critical for organizations to patch affected versions of Jira, Confluence, Bitbucket, Bamboo, and Fisheye to safeguard against potential account compromises.

References

https://wiki.resolution.de/doc/saml-sso/5.0.x/all/securit...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2021
Vulnerability Reserved
Aug 2, 2021