Server-Side Request Forgery Vulnerability in Atlassian Jira Service Management
CVE-2021-43959

5.7MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Service Management Server; Jira Service Management Data Center
Vendor: CVE Published:; 26 July 2022

Summary

A security issue in Atlassian Jira Service Management Server and Data Center's CSV importing feature permits authenticated remote attackers to exploit a Server-Side Request Forgery (SSRF) vulnerability. This flaw can allow unauthorized access to sensitive internal network resources. In particular setups, such as those hosted on Amazon EC2, attackers could leverage this vulnerability to gain access to critical metadata, potentially exposing sensitive credentials and confidential information.

Affected Version(s)

Jira Service Management Data Center < 4.13.20

Jira Service Management Data Center 4.14.0

Jira Service Management Data Center < 4.20.8

References

https://jira.atlassian.com/browse/JSDSERVER-11898

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
Nov 16, 2021