Описание
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.13.3 (исключая)Версия от 8.14.0 (включая) до 8.14.1 (исключая)Версия до 8.13.3 (исключая)Версия от 8.14.0 (включая) до 8.14.1 (исключая)
Одно из
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00911
Низкий
7.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7.2
github
около 3 лет назад
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
EPSS
Процентиль: 75%
0.00911
Низкий
7.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287