← Volver a CVEs
CVE-2021-39112
MEDIUM4.8
Descripcion
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
Detalles CVE
Puntuacion CVSS v3.14.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado8/25/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
atlassian:data_centeratlassian:jiraatlassian:jira_data_centeratlassian:jira_server
Debilidades (CWE)
CWE-1022CWE-601
Referencias
https://jira.atlassian.com/browse/JRASERVER-72433(security@atlassian.com)
https://jira.atlassian.com/browse/JRASERVER-72433(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.