Home

CVE-2021-39122

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.284

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Atlassian Jira 8.15.0Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.15.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234