CVE-2021-39113
First published: Mon Aug 30 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.13.9 | |
| Atlassian JIRA | <8.13.9 | |
| Atlassian Jira Data Center | >=8.14.0<8.18.0 | |
| Atlassian Jira Server | >=8.14.0<8.18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Atlassian Jira Server and Data Center vulnerability?
The vulnerability ID is CVE-2021-39113.
What is the severity of CVE-2021-39113?
The severity of CVE-2021-39113 is high with a CVSS score of 7.5.
What is the affected software?
The affected software includes Atlassian Jira Server and Data Center versions before 8.13.9, and versions from 8.14.0 to 8.18.0.
What is the impact of the vulnerability?
The vulnerability allows anonymous remote attackers to continue viewing cached content even after losing permissions.
Is there a fix for CVE-2021-39113?
Yes, the fix for CVE-2021-39113 is available in version 8.13.9 of Atlassian Jira Server and Data Center.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- vendor/atlassian
- canonical/atlassian data center
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.14.0
- canonical/atlassian jira server
- version/atlassian jira server/8.14.0