Auth bypass in Atlassian Data_center
CVE-2021-39119
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue no…
Vulnerability class: Broken Access Control
EPSS: 0.007 (49.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Atlassian Data_center
- Atlassian Jira
- Atlassian Jira Data Center — versions unspecified
- Atlassian Jira Server — versions unspecified
Weakness classification (CWE)
References
- security@atlassian.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-39119?
- CVE-2021-39119 is a medium-severity vulnerability in Atlassian Data_center, classified under Incorrect Authorization. CVSS score: 5.3/10. Published 2021-09-01.
- How severe is CVE-2021-39119?
- Medium severity. CVSS v3 base score is 5.3 out of 10.