CVE-2021-26070
First published: Wed Jan 27 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.13.3 | |
| Atlassian Data Center | >=8.14.0<8.14.1 | |
| Atlassian JIRA | <8.13.3 | |
| Atlassian Jira Server | >=8.14.0<8.14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-26070.
What is the severity rating of CVE-2021-26070?
The severity rating of CVE-2021-26070 is 7.2 (high).
Which versions of Atlassian Jira Server and Data Center are affected?
Affected versions of Atlassian Jira Server and Data Center are before version 8.13.3 and from version 8.14.0 to 8.14.1.
How can remote attackers exploit this vulnerability?
Remote attackers can exploit this vulnerability to bypass behind-the-firewall protection and access app-linked resources.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at: https://jira.atlassian.com/browse/JRASERVER-72029.
- collector/nvd-index
- agent/tags
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian data center
- version/atlassian data center/8.14.0
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/8.14.0