Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112)

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

Remediation

References

Related Vulnerabilities

WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)

PHP-Fusion CVE-2020-35952 Vulnerability (CVE-2020-35952)

MySQL CVE-2019-2967 Vulnerability (CVE-2019-2967)

Drupal Resource Management Errors Vulnerability (CVE-2014-5265)

SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)

Severity

Medium

Classification

CVE-2021-39112 CWE-601

Tags

Missing Update Known Vulnerabilities