CVE-2021-39112
First published: Wed Aug 25 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.5.15 | |
| Atlassian JIRA | <8.5.15 | |
| Atlassian Jira Data Center | >=8.6.0<8.13.7 | |
| Atlassian Jira Data Center | >=8.14.0<8.17.1 | |
| Atlassian Jira Data Center | >=8.18.0<8.18.1 | |
| Atlassian Jira Server | >=8.6.0<8.13.7 | |
| Atlassian Jira Server | >=8.14.0<8.17.1 | |
| Atlassian Jira Server | >=8.18.0<8.18.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39112?
CVE-2021-39112 is a vulnerability in Atlassian Jira Server and Data Center that allows remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature.
Which versions of Atlassian Jira Server and Data Center are affected by CVE-2021-39112?
The affected versions of Atlassian Jira Server and Data Center are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
What is the severity of CVE-2021-39112?
CVE-2021-39112 has a severity rating of 4.8, which is considered medium.
How can I fix CVE-2021-39112?
To fix CVE-2021-39112, you should update Atlassian Jira Server and Data Center to version 8.5.15 or above.
Where can I find more information about CVE-2021-39112?
You can find more information about CVE-2021-39112 on the Atlassian Jira Server and Data Center official website.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian data center
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.6.0
- version/atlassian jira data center/8.14.0
- version/atlassian jira data center/8.18.0
- canonical/atlassian jira server
- version/atlassian jira server/8.6.0
- version/atlassian jira server/8.14.0
- version/atlassian jira server/8.18.0