vulnerability

Atlassian JIRA: Exposure of Resource to Wrong Sphere (CVE-2021-39127)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Oct 21, 2021	Dec 7, 2021	Dec 7, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Oct 21, 2021

Added

Dec 7, 2021

Modified

Dec 7, 2021

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Solutions

atlassian-jira-upgrade-8_13_1atlassian-jira-upgrade-8_5_10

References

CVE-2021-39127
https://attackerkb.com/topics/CVE-2021-39127

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report