Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112)

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

Remediation

References

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-8994)

TYPO3 Improper Authentication Vulnerability (CVE-2022-36106)

Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13404)

MySQL CVE-2016-8318 Vulnerability (CVE-2016-8318)

Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)

Severity

Medium

Classification

CVE-2021-39112 CWE-601

Tags

Missing Update Known Vulnerabilities