Vulnerability in Atlassian Jira Data Center

CVE-2021-39112

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15…

EPSS: 0.002 (41.6th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Data Center — versions unspecified, 8.6.0, 8.14.0
Atlassian Jira Server — versions unspecified, 8.6.0, 8.14.0

Weakness classification (CWE)

CWE-1022 — Use of Web Link to Untrusted Target with window.opener Access

References

jira.atlassian.com/browse/JRASERVER-72433 (x_refsource_MISC)