jira.atlassian.com
185.166.143.26  Public Scan

URL: https://jira.atlassian.com/browse/JSDSERVER-15309
Submission: On June 19 via manual from FI — Scanned from NL

Form analysis 2 forms found in the DOM

GET /secure/QuickSearch.jspa

<form action="/secure/QuickSearch.jspa" method="get" id="quicksearch" class="aui-quicksearch dont-default-focus ajs-dirty-warning-exempt">
  <input id="quickSearchInput" aria-live="polite" role="searchbox" autocomplete="off" class="search" type="text" title="Search ( Type '/' )" placeholder="Search" name="searchString" accesskey="q">
  <div class="quick-search-spinner"></div>
  <input type="submit" class="hidden" value="Search">
</form>

<form id="jira_request_timing_info" class="dont-default-focus">
  <fieldset class="parameters hidden">
    <input type="hidden" title="jira.request.start.millis" value="1718799546387">
    <input type="hidden" title="jira.request.server.time" value="80">
    <input type="hidden" title="jira.request.id" value="739x64055131x1">
    <input type="hidden" title="jira.session.expiry.time" value="-">
    <input type="hidden" title="jira.session.expiry.in.mins" value="-">
    <input id="jiraConcurrentRequests" type="hidden" name="jira.request.concurrent.requests" value="1">
    <input type="hidden" title="db.reads.time.in.ms" value="7">
    <input type="hidden" title="db.conns.time.in.ms" value="11">
  </fieldset>
</form>

Text Content

IMPORTANT: JAC is a Public system and anyone on the internet will be able to
view the data in the created JAC tickets. Please don’t include Customer or
Sensitive data in the JAC ticket.
JIRA SERVICE MANAGEMENT DATA CENTER



INFORMATION DISCLOSURE IN JIRA SERVICE MANAGEMENT DATA CENTER AND SERVER


Published


DETAILS

 * Type: Public Security Vulnerability
 * Resolution: Fixed
 * Priority: High
 * Fix Version/s: 5.16.0, 5.4.21, 5.12.8
 * Affects Version/s: 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7,
   5.4.8, 5.4.9, 5.4.10, 5.12.0, 5.4.11, 5.4.12,
   5.12.1, 5.4.13, 5.4.14, 5.4.15, 5.12.2, 5.4.16, 5.12.3, 5.4.17, 5.12.4,
   5.15.0, 5.4.18, 5.12.6, 5.4.19, 5.12.5, 5.15.1, 5.4.20, 5.12.7, 5.15.2,
   5.15.3
 * Component/s: None
 * Labels: None
 * CVSS Score: 7.4
 * CVSS Severity: High
 * CVE ID: CVE-2024-21685
 * Vulnerability Source: Atlassian (Internal)
 * CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
 * Vulnerability Classes: Information Disclosure
 * Affected Product(s): Jira Service Management Data Center, Jira Service
   Management Server


DESCRIPTION

This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an
unauthenticated attacker to view sensitive information. It has high impact to
confidentiality, no impact to integrity, no impact to availability, and
requires user interaction.

Atlassian recommends that Jira Service Management Data Center and Server
customers upgrade to the latest version. If you are unable to do so, upgrade
your instance to one of the specified supported fixed versions:

 

Data Center

Affected versions              | Fixed versions
5.15.0 to 5.15.3               | 5.16.0
5.14.0 to 5.14.2               | 5.16.0
5.13.0 to 5.13.2               | 5.16.0
from 5.12.0 LTS to 5.12.7 LTS  | 5.16.0 or 5.12.8 LTS recommended
from 5.11.0 to 5.11.3          | 5.16.0 or 5.12.8 LTS recommended
from 5.10.0 to 5.10.2          | 5.16.0 or 5.12.8 LTS recommended
from 5.9.0 to 5.9.2            | 5.16.0 or 5.12.8 LTS recommended
from 5.8.0 to 5.8.2            | 5.16.0 or 5.12.8 LTS recommended
from 5.7.0 to 5.7.2            | 5.16.0 or 5.12.8 LTS recommended
from 5.6.0 to 5.6.2            | 5.16.0 or 5.12.8 LTS recommended
from 5.5.0 to 5.5.1            | 5.16.0 or 5.12.8 LTS recommended
from 5.4.0 LTS to 5.4.20 LTS   | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
from 5.3.0 to 5.3.1            | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
from 5.2.0 to 5.2.1            | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
from 5.1.0 to 5.1.1            | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
5.0                            | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
from 4.22 to 4.22.6            | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS
Any earlier versions           | 5.16.0 or 5.12.8 LTS recommended or 5.4.21 LTS

 

Server

Affected versions              | Fixed versions
from 5.12.0 LTS to 5.12.7 LTS  | 5.12.8 LTS recommended
from 5.11.0 to 5.11.3          | 5.12.8 LTS recommended
from 5.10.0 to 5.10.2          | 5.12.8 LTS recommended
from 5.9.0 to 5.9.2            | 5.12.8 LTS recommended
from 5.8.0 to 5.8.2            | 5.12.8 LTS recommended
from 5.7.0 to 5.7.2            | 5.12.8 LTS recommended
from 5.6.0 to 5.6.2            | 5.12.8 LTS recommended
from 5.5.0 to 5.5.1            | 5.12.8 LTS recommended
from 5.4.0 LTS to 5.4.20 LTS   | 5.12.8 LTS recommended or 5.4.21 LTS
from 5.3.0 to 5.3.1            | 5.12.8 LTS recommended or 5.4.21 LTS
from 5.2.0 to 5.2.1            | 5.12.8 LTS recommended or 5.4.21 LTS
from 5.1.0 to 5.1.1            | 5.12.8 LTS recommended or 5.4.21 LTS
5.0                            | 5.12.8 LTS recommended or 5.4.21 LTS
from 4.22 to 4.22.6            | 5.12.8 LTS recommended or 5.4.21 LTS
Any earlier versions           | 5.12.8 LTS recommended or 5.4.21 LTS

 

See the release notes
(http://www.atlassian.com/software/jira/service-management/download-archives).
You can download the latest version of Jira Software Data Center and Server from
the download center
(http://www.atlassian.com/software/jira/service-management/download-archives).

This vulnerability was found internally.


ACTIVITY



There are no comments yet on this issue.


PEOPLE

 * Assignee: Unassigned
 * Reporter: Lee Berg
 * Votes: 0
 * Watchers: 4


DATES

 * Created: 15/May/2024 12:28 AM
 * Updated: Yesterday 5:00 PM
 * Resolved: Yesterday 5:00 PM

