CVE-2021-39112

CVE Database · CVE-2021-39112

CVE-2021-39112

· MEDIUMModified

CVSS v3.1

4.8

EPSS

0.73%

Published

Aug 25, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-1022CWE-601

Affected Products (8)

atlassian · data_center (up to 8.5.15)vulnerable

atlassian · jira (up to 8.5.15)vulnerable

atlassian · jira_data_center (up to 8.13.7)vulnerable

atlassian · jira_data_center (up to 8.17.1)vulnerable

atlassian · jira_data_center (up to 8.18.1)vulnerable

atlassian · jira_server (up to 8.13.7)vulnerable

atlassian · jira_server (up to 8.17.1)vulnerable