CVE-2021-43945: XSS
First published: Mon Feb 28 2022(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.20.3 | |
| Atlassian Jira | <8.20.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-43945.
What is the severity of CVE-2021-43945?
CVE-2021-43945 has a severity of medium.
What is the affected software for CVE-2021-43945?
The affected software for CVE-2021-43945 is Atlassian Jira Server and Data Center.
How can remote attackers exploit CVE-2021-43945?
Remote attackers with Roadmaps Administrator permissions can exploit CVE-2021-43945 by injecting arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint.
Is there a fix available for CVE-2021-43945?
Yes, a fix is available for CVE-2021-43945. It is recommended to upgrade to a version above 8.20.3.
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian data center
- canonical/atlassian jira