CVE-2021-43959

5.7MEDIUM

Key Information

Vendor: Atlassian
Status: Jira Service Management Server; Jira Service Management Data Center
Vendor: CVE Published:; 26 July 2022

Summary

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

Affected Version(s)

Jira Service Management Server < 4.13.20

Jira Service Management Server < 4.14.0

Jira Service Management Server < 4.20.8

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 26, 2022
Vulnerability Reserved.
Nov 16, 2021

Collectors

NVD DatabaseMitre Database