First published: Thu Oct 21 2021
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian JIRA | <8.5.10 | |
Atlassian Jira Data Center | >=8.6.0 <8.13.1 | |
Atlassian Jira Server | >=8.6.0 <8.13.1 | |
Atlassian Jira Software Data Center | <8.5.10 | |
CVE-2021-39127
The severity level of CVE-2021-39127 is medium (5.3).
The affected software for CVE-2021-39127 includes Atlassian Jira Server, Atlassian Jira Data Center, and Atlassian Jira Software Data Center.
Anonymous remote attackers can exploit CVE-2021-39127 by targeting the query component JQL endpoint via a Broken Access Control vulnerability.
Versions before 8.5.10 of Atlassian Jira Server and versions from 8.6.0 before 8.13.1 of Atlassian Jira Server and Data Center are affected by CVE-2021-39127.
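As an added example (not part of the SecAlerts record or Atlassian's own tooling), the following script turns the two affected version ranges stated above into an inventory check a defender can run against a list of Jira instances; the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges for CVE-2021-39127 as stated in the advisory:
# all versions before 8.5.10, and from 8.6.0 (inclusive) before 8.13.1.
# Each entry is (lower bound inclusive or None, upper bound exclusive).
AFFECTED_RANGES: List[Tuple[Optional[Version], Version]] = [
    (None, (8, 5, 10)),
    ((8, 6, 0), (8, 13, 1)),
]


def parse_version(version: str) -> Version:
    """Parse a dotted Jira version such as '8.13.0' into (major, minor, patch).
    A missing patch component is treated as 0; trailing build qualifiers
    (for example '8.13.0-m0001') are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True if the given Jira Server / Data Center version falls in an affected range."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return True
    return False


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Given hostname -> version, return the (host, version) pairs still exposed."""
    return [(host, ver) for host, ver in inventory.items() if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "jira-prod.example.internal": "8.13.0",
        "jira-legacy.example.internal": "8.5.9",
        "jira-lts.example.internal": "8.5.10",
        "jira-new.example.internal": "8.13.1",
    }
    for host, ver in triage(sample):
        print(f"{host} runs Jira {ver}: affected by CVE-2021-39127, upgrade required")
```

Versions on the 8.5 LTS stream at or above 8.5.10 are reported as unaffected because they fall outside both ranges, matching the advisory's boundaries.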