CVE-2021-26074 - OpenCVE

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Connect Spring Boot

Configuration 1 [-]

cpe:2.3:a:atlassian:connect_spring_boot:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072
https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106

History

No history.

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-04-16T03:00:19.829013Z

Updated: 2024-09-16T23:16:24.630Z

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26074

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-16T03:15:12.113

Modified: 2022-03-01T16:25:40.350

Link: CVE-2021-26074

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Atlassian Connect Spring Boot (ACSB)", "vendor": "Atlassian", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.1.0", "versionType": "custom"}, {"lessThan": "2.1.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}], "problemTypes": [{"descriptions": [{"description": "Broken Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-23T03:45:15", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}, {"tags": ["x_refsource_MISC"], "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-04-13T00:00:00", "ID": "CVE-2021-26074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Atlassian Connect Spring Boot (ACSB)", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.1.0"}, {"version_affected": "<", "version_value": "2.1.3"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Broken Authentication"}]}]}, "references": {"reference_data": [{"name": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106", "refsource": "MISC", "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}, {"name": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072", "refsource": "MISC", "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:19:20.044Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-26074", "datePublished": "2021-04-16T03:00:19.829013Z", "dateReserved": "2021-01-25T00:00:00", "dateUpdated": "2024-09-16T23:16:24.630Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:connect_spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA2CBC2-F9F4-4F3C-8446-D995F1D8AE2E", "versionEndExcluding": "2.1.3", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}, {"lang": "es", "value": "Autenticaci\u00f3n rota en Atlassian Connect Spring Boot (ACSB) desde la versi\u00f3n 1.1.0 versiones anteriores a 2.1.3: Atlassian Connect Spring Boot es un paquete Java Spring Boot para crear aplicaciones de Atlassian Connect. La autenticaci\u00f3n entre los productos de Atlassian y la aplicaci\u00f3n Atlassian Connect Spring Boot se produce con un JWT de servidor a servidor o un JWT de contexto. Las versiones de Atlassian Connect Spring Boot desde la versi\u00f3n 1.1.0 versiones anteriores a 2.1.3 aceptan err\u00f3neamente JWTs de contexto en los puntos finales del ciclo de vida (como la instalaci\u00f3n) cuando solo deber\u00edan aceptarse JWTs de servidor a servidor, lo que permite a un atacante enviar eventos de reinstalaci\u00f3n autenticados a una aplicaci\u00f3n"}], "id": "CVE-2021-26074", "lastModified": "2022-03-01T16:25:40.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-16T03:15:12.113", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}