High Severity Information Disclosure Vulnerability Affects Jira Core Data Center Versions 9.4.0, 9.12.0, and 9.15.0
CVE-2024-21685

6.5MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Core Data Center
Vendor: CVE Published:; 18 June 2024

Summary

A significant information disclosure vulnerability has been identified in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This flaw enables unauthenticated attackers to access sensitive data, raising serious concerns regarding confidentiality. Notably, the vulnerability does not compromise the integrity or availability of the system; however, it requires user interaction to exploit. Atlassian advises all Jira Core Data Center users to upgrade to the latest version to mitigate this risk. If upgrading is not immediately possible, users should update to one of the specified fixed versions: Jira Core Data Center 9.4 (greater than or equal to 9.4.21), 9.12 (greater than or equal to 9.12.8), or 9.16 (greater than or equal to 9.16.0). For further insights, please refer to the detailed release notes and download the latest version from Atlassian's official download center.

Affected Version(s)

Jira Core Data Center 9.12.0 to 9.12.7

Jira Core Data Center 9.4.0 to 9.4.20

Jira Core Data Center 9.16.0 to 9.16.1

References

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/JRASERVER-77713

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jan 1, 2024