1. Home
  2. CVE Database
  3. CVE-2021-43959
MEDIUM · 5.7

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery...

Vulnerability Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AtlassianJira Service Desk< 4.13.20
AtlassianJira Service Management>= 4.14.0, < 4.20.8

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2021-43959?

CVE-2021-43959 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery...

How severe is CVE-2021-43959?

CVE-2021-43959 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-43959?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Service Desk, Atlassian Jira Service Management.