The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-02T18:47:32
Updated: 2024-08-04T01:30:08.452Z
Reserved: 2021-08-02T00:00:00
Link: CVE-2021-37843
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-02T19:15:08.567
Modified: 2024-11-21T06:15:57.710
Link: CVE-2021-37843
Redhat
No data.