Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
History

Thu, 03 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-07-26T08:00:14.034351Z

Updated: 2024-10-03T18:37:02.582Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43959

cve-icon Vulnrichment

Updated: 2024-08-04T04:10:16.934Z

cve-icon NVD

Status : Modified

Published: 2022-07-26T08:15:07.177

Modified: 2024-11-21T06:30:05.483

Link: CVE-2021-43959

cve-icon Redhat

No data.