CVE-2021-43959: SSRF
First published: Tue Jul 26 2022(Updated: )
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Service Desk | <4.13.20 | |
| Atlassian Jira Service Desk | <4.13.20 | |
| Atlassian Jira Service Management | >=4.14.0<4.20.8 | |
| Atlassian Jira Service Management | >=4.14.0<4.20.8 | |
| Atlassian Jira Service Management | >=4.21.0<4.22.2 | |
| Atlassian Jira Service Management | >=4.21.0<4.22.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-43959?
CVE-2021-43959 is a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight in Atlassian Jira Service Management Server and Data Center.
How does CVE-2021-43959 impact Atlassian Jira Service Desk?
CVE-2021-43959 allows authenticated remote attackers to access the content of internal network resources.
What versions of Atlassian Jira Service Desk are affected by CVE-2021-43959?
Atlassian Jira Service Desk versions up to and excluding 4.13.20 are affected by CVE-2021-43959.
What versions of Atlassian Jira Service Management are affected by CVE-2021-43959?
Atlassian Jira Service Management versions 4.14.0 up to and excluding 4.20.8, and versions 4.21.0 up to and excluding 4.22.2 are affected by CVE-2021-43959.
How can I fix CVE-2021-43959 in Atlassian Jira Service Desk?
To fix CVE-2021-43959 in Atlassian Jira Service Desk, you should upgrade to a version 4.13.20 or higher.
How can I fix CVE-2021-43959 in Atlassian Jira Service Management?
To fix CVE-2021-43959 in Atlassian Jira Service Management, you should upgrade to a version 4.20.8 or higher, or a version 4.22.2 or higher.
What is the severity of CVE-2021-43959?
The severity of CVE-2021-43959 is medium, with a severity value of 5.7.
What is the CWE ID of CVE-2021-43959?
The CWE ID of CVE-2021-43959 is CWE-918.
Where can I find more information about CVE-2021-43959?
You can find more information about CVE-2021-43959 on the Atlassian Jira Service Desk website at the following link: [https://jira.atlassian.com/browse/JSDSERVER-11898](https://jira.atlassian.com/browse/JSDSERVER-11898)
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/atlassian
- canonical/atlassian jira service desk
- canonical/atlassian jira service management
- version/atlassian jira service management/4.14.0
- version/atlassian jira service management/4.21.0