Vulnerability Details : CVE-2021-43951
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0.
Vulnerability category: Information leak
Products affected by CVE-2021-43951
- cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
- cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43951
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-43951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2021-43951
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-43951
-
https://jira.atlassian.com/browse/JSDSERVER-10984
[JSDSERVER-10984] Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951 - Create and track feature requests for Atlassian products.Issue Tracking;Vendor Advisory
Jump to