CVE-2021-39125
First published: Tue Sep 14 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.5.10 | |
| Atlassian Data Center | >=8.6.0<8.13.1 | |
| Atlassian JIRA | <8.5.10 | |
| Atlassian Jira Server | >=8.6.0<8.13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-39125.
What is the severity of CVE-2021-39125?
The severity of CVE-2021-39125 is medium (5.3).
How does CVE-2021-39125 affect Atlassian Jira Server and Data Center?
CVE-2021-39125 allows anonymous remote attackers to discover the usernames of users through an enumeration vulnerability on the password reset page in affected versions of Atlassian Jira Server and Data Center.
Which versions of Atlassian Jira Server and Data Center are affected by CVE-2021-39125?
The affected versions of Atlassian Jira Server and Data Center are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Is there a fix available for CVE-2021-39125?
Yes, upgrading to version 8.5.10 or higher, or version 8.13.1 or higher, will fix CVE-2021-39125.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian data center
- version/atlassian data center/8.6.0
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/8.6.0