- Description
- Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0.
- Source
- security@atlassian.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F18D7561-1205-4CC4-B722-EA6AC944DC03",
"versionEndExcluding": "4.21.0"
},
{
"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD5BF72F-1E87-4E75-A55B-7F85EE1BEE09",
"versionEndExcluding": "4.21.0"
}
],
"operator": "OR"
}
]
}
]