CVE-2024-21685 — MEDIUM (6.5)

Q: How severe is CVE-2024-21685?

CVE-2024-21685 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21685?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Data Center, Atlassian Jira Server.

Vulnerability Description

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Atlassian	Jira Data Center	>= 9.4.0, < 9.4.21
Atlassian	Jira Server	>= 9.4.0, < 9.4.21

Related Weaknesses (CWE)

CWE-200

References

https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-77713Issue TrackingVendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-77713Issue TrackingVendor Advisory

FAQ

What is CVE-2024-21685?

CVE-2024-21685 is a vulnerability with a CVSS score of 6.5 (MEDIUM). This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Scor...

How severe is CVE-2024-21685?

CVE-2024-21685 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21685?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Data Center, Atlassian Jira Server.