Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-25557 Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 10 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published:

Updated: 2024-10-10T15:05:06.059Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39121

cve-icon Vulnrichment

Updated: 2024-08-04T01:58:17.588Z

cve-icon NVD

Status : Modified

Published: 2021-09-08T02:15:06.737

Modified: 2024-11-21T06:18:37.403

Link: CVE-2021-39121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.