jira.atlassian.com
Open in
urlscan Pro
185.166.143.26
Public Scan
URL:
https://jira.atlassian.com/browse/JSDSERVER-15309
Submission: On June 19 via manual from FI — Scanned from NL
Submission: On June 19 via manual from FI — Scanned from NL
Form analysis
2 forms found in the DOMGET /secure/QuickSearch.jspa
<form action="/secure/QuickSearch.jspa" method="get" id="quicksearch" class="aui-quicksearch dont-default-focus ajs-dirty-warning-exempt">
<input id="quickSearchInput" aria-live="polite" role="searchbox" autocomplete="off" class="search" type="text" title="Search ( Type '/' )" placeholder="Search" name="searchString" accesskey="q">
<div class="quick-search-spinner"></div>
<input type="submit" class="hidden" value="Search">
</form>
<form id="jira_request_timing_info" class="dont-default-focus">
<fieldset class="parameters hidden">
<input type="hidden" title="jira.request.start.millis" value="1718799546387">
<input type="hidden" title="jira.request.server.time" value="80">
<input type="hidden" title="jira.request.id" value="739x64055131x1">
<input type="hidden" title="jira.session.expiry.time" value="-">
<input type="hidden" title="jira.session.expiry.in.mins" value="-">
<input id="jiraConcurrentRequests" type="hidden" name="jira.request.concurrent.requests" value="1">
<input type="hidden" title="db.reads.time.in.ms" value="7">
<input type="hidden" title="db.conns.time.in.ms" value="11">
</fieldset>
</form>
Text Content
Log inSkip to main contentSkip to sidebar Linked Applications Something went wrong, please try again. * Dashboards * Projects * Issues * * Give feedback to Atlassian * Help * Jira Core help * Keyboard Shortcuts * About Jira * Jira Credits * Log In IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket. JIRA SERVICE MANAGEMENT DATA CENTER * Issues * Reports * Components 1. Jira Service Management Data Center 2. JSDSERVER-15309 INFORMATION DISCLOSURE IN JIRA SERVICE MANAGEMENT DATA CENTER AND SERVER Log In Published Export nullView workflow XMLWordPrintable DETAILS * Type: Public Security Vulnerability * Resolution: Fixed * Priority: High * Fix Version/s: 5.16.0, 5.4.21, 5.12.8 * Affects Version/s: 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.12.0, 5.4.11, 5.4.12, (19) 5.12.1, 5.4.13, 5.4.14, 5.4.15, 5.12.2, 5.4.16, 5.12.3, 5.4.17, 5.12.4, 5.15.0, 5.4.18, 5.12.6, 5.4.19, 5.12.5, 5.15.1, 5.4.20, 5.12.7, 5.15.2, 5.15.3 * Component/s: None * Labels: None * CVSS Score: 7.4 * CVSS Severity: High * CVE ID: CVE-2024-21685 * Vulnerability Source: Atlassian (Internal) * CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N * Vulnerability Classes: Information Disclosure * Affected Product(s): Jira Service Management Data Center, Jira Service Management Server DESCRIPTION This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Affected versions Fixed versions 5.15.0 to 5.15.3 5.16.0 5.14.0 to 5.14.2 5.16.0 5.13.0 to 5.13.2 5.16.0 from 5.12.0 LTS to 5.12.7 LTS 5.16.0 or 5.12.8 LTS recommended from 5.11.0 to 5.11.3 5.16.0 or 5.12.8 LTS recommended from 5.10.0 to 5.10.2 5.16.0 or 5.12.8 LTS recommended from 5.9.0 to 5.9.2 5.16.0 or 5.12.8 LTS recommended from 5.8.0 to 5.8.2 5.16.0 or 5.12.8 LTS recommended from 5.7.0 to 5.7.2 5.16.0 or 5.12.8 LTS recommended from 5.6.0 to 5.6.2 5.16.0 or 5.12.8 LTS recommended from 5.5.0 to 5.5.1 5.16.0 or 5.12.8 LTS recommended from 5.4.0 LTS to 5.4.20 LTS 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS from 5.3.0 to 5.3.1 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS from 5.2.0 to 5.2.1 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS from 5.1.0 to 5.1.1 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS 5.0 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS from 4.22 to 4.22.6 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS Any earlier versions 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS Server Affected versions Fixed versions from 5.12.0 LTS to 5.12.7 LTS 5.12.8 LTS recommended from 5.11.0 to 5.11.3 5.12.8 LTS recommended from 5.10.0 to 5.10.2 5.12.8 LTS recommended from 5.9.0 to 5.9.2 5.12.8 LTS recommended from 5.8.0 to 5.8.2 5.12.8 LTS recommended from 5.7.0 to 5.7.2 5.12.8 LTS recommended from 5.6.0 to 5.6.2 5.12.8 LTS recommended from 5.5.0 to 5.5.1 5.12.8 LTS recommended from 5.4.0 LTS to 5.4.20 LTS 5.12.8 LTS recommended or 5.4.21 LTS from 5.3.0 to 5.3.1 5.12.8 LTS recommended or 5.4.21 LTS from 5.2.0 to 5.2.1 5.12.8 LTS recommended or 5.4.21 LTS from 5.1.0 to 5.1.1 5.12.8 LTS recommended or 5.4.21 LTS 5.0 5.12.8 LTS recommended or 5.4.21 LTS from 4.22 to 4.22.6 5.12.8 LTS recommended or 5.4.21 LTS Any earlier versions 5.12.8 LTS recommended or 5.4.21 LTS See the release notes (http://www.atlassian.com/software/jira/service-management/download-archives). You can download the latest version of Jira Software Data Center and Server from the download center (http://www.atlassian.com/software/jira/service-management/download-archives) This vulnerability was found internally. ATTACHMENTS ACTIVITY [JSDSERVER-15309] INFORMATION DISCLOSURE IN JIRA SERVICE MANAGEMENT DATA CENTER AND SERVER * All * Comments * Work Log * History * Activity There are no comments yet on this issue. PEOPLE Assignee: Unassigned Reporter: Lee Berg Votes: 0 Vote for this issue Watchers: 4 Start watching this issue DATES Created: 15/May/2024 12:28 AM Updated: Yesterday 5:00 PM Resolved: Yesterday 5:00 PM BACKBONE ISSUE SYNC * Atlassian Jira Project Management Software * About Jira * Report a problem * Privacy policy * Notice at Collection Atlassian This site uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. To change your preferences, click Manage preferences. Otherwise, clicking Accept all cookies indicates you agree to our use of cookies on your device. Clicking Reject all cookies means you do not agree to our use of non-strictly necessary cookies on your device.Atlassian Cookies and Tracking Notice Manage preferences Reject all cookies Accept all cookies MANAGE PREFERENCES When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Accept all STRICTLY NECESSARY COOKIES Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. TARGETING COOKIES Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. FUNCTIONAL COOKIES Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. PERFORMANCE COOKIES Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. Back Button COOKIE LIST Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Reject all Confirm my choices