Rewterz Threat Advisory – Multiple Atlassian products Vulnerabilities
July 29, 2022
Severity
Medium
Analysis Summary
CVE-2021-43959
Atlassian Jira Service Management Server and Data Center are vulnerable to server-side request forgery (SSRF), caused by a flaw in the CSV importing feature of JSM Insight. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and access the content of internal network resources.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2021-43959
Affected Vendors
Atlassian
Affected Products
- Atlassian Jira Service Management Server and Data Center 4.14.0
- Atlassian Jira Service Management Server and Data Center 4.21.0
- Atlassian Jira Service Management Server and Data Center 4.13
Remediation
Upgrade to the latest version of Jira Service Management Server and Data Center, available from the Atlassian website.