Reflected Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center
CVE-2021-43942

6.1MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Server; Jira Data Center
Vendor: CVE Published:; 4 January 2022

Summary

A vulnerability in Atlassian Jira Server and Data Center allows remote attackers to execute arbitrary HTML or JavaScript code through reflected cross-site scripting. This occurs via a vulnerable endpoint, which can be exploited if users are deceived into visiting a malicious site that triggers the execution of harmful scripts. Versions of the product affected are those prior to 8.13.15 and versions from 8.14.0 up to but not including 8.20.3. Prompt updating of these affected versions is advised to protect against potential exploits.

Affected Version(s)

Jira Data Center < 8.13.15

Jira Data Center 8.14.0

Jira Data Center < 8.20.3

References

https://jira.atlassian.com/browse/JRASERVER-73068

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 4, 2022
Vulnerability Reserved
Nov 16, 2021