First published: Tue Jul 20 2021(Updated: )
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Data Center | <8.5.14 | |
Atlassian JIRA | <8.5.14 | |
Atlassian Jira Data Center | >=8.6.0<8.13.6 | |
Atlassian Jira Data Center | >=8.14.0<8.17.0 | |
Atlassian Jira Server | >=8.6.0<8.13.6 | |
Atlassian Jira Server | >=8.14.0<8.17.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-26082 is a vulnerability in Atlassian Jira Server and Jira Data Center that allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross-site scripting vulnerability.
CVE-2021-26082 affects Atlassian Jira Server and Jira Data Center versions before 8.5.14, versions 8.6.0 to 8.13.6, and versions 8.14.0 to 8.17.0.
CVE-2021-26082 has a severity rating of medium with a CVSS score of 5.4.
To fix CVE-2021-26082, you should upgrade to Atlassian Jira Server or Jira Data Center version 8.5.14 or later.
You can find more information about CVE-2021-26082 at the Atlassian Jira Server and Jira Data Center issue tracker: https://jira.atlassian.com/browse/JRASERVER-72393