WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112)

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

Remediation

References

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-1333)

IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)

WordPress Plugin Carts Guru PHP Object Injection (1.4.5)

WordPress Plugin WP-Filebase Download Manager 'base' Parameter SQL Injection (0.2.9)

WordPress Plugin iLive-Intelligent WordPress Live Chat Support Cross-Site Scripting (1.0.4)

Severity

Medium

Classification

CVE-2021-39112 CWE-601

Tags

Missing Update Known Vulnerabilities