CVE-2021-26070

Summary

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 8.13.3affected
AtlassianJira Server8.14.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.14.1affected
AtlassianJira Data Centerunspecified < 8.13.3affected
AtlassianJira Data Center8.14.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.14.1affected

Weaknesses

  • Broken Authentication

ADP Enrichment

CVE Program Container

Additional References

References