CVE-2021-39112

Summary

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 8.5.15affected
AtlassianJira Server8.6.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.13.7affected
AtlassianJira Server8.14.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.17.1affected
AtlassianJira Server8.18.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.18.1affected
AtlassianJira Data Centerunspecified < 8.5.15affected
AtlassianJira Data Center8.6.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.13.7affected
AtlassianJira Data Center8.14.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.17.1affected
AtlassianJira Data Center8.18.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.18.1affected

Weaknesses

  • CWE-1022: CWE-1022: Use of Web Link to Untrusted Target with window.opener Access

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References