Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JSDSERVER-11898 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Aug 2022, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-918 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
| CPE | cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:* |
|
| First Time |
Atlassian jira Service Management
Atlassian Atlassian jira Service Desk |
|
| References | (N/A) https://jira.atlassian.com/browse/JSDSERVER-11898 - Issue Tracking, Vendor Advisory |
26 Jul 2022, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-26 08:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-43959
Mitre link : CVE-2021-43959
CVE.ORG link : CVE-2021-43959
JSON object : View
Products Affected
atlassian
- jira_service_management
- jira_service_desk
CWE
CWE-918
Server-Side Request Forgery (SSRF)