Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

Remediation

References

CVE-2021-26070

Related Vulnerabilities

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13395)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-23839)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.8)

Severity

High

Classification

CVE-2021-26070 CWE-287

Tags

Missing Update Known Vulnerabilities