Rewterz

Rewterz Threat Advisory – Multiple Atlassian products Vulnerabilities

July 29, 2022
Rewterz

Rewterz Threat Alert – Snake Keylogger’s Malware– Active IOCs

July 29, 2022

Rewterz Threat Advisory –CVE-2021-43959 – Atlassian Jira Service Management Server and Data Center Server Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-43959

Atlassian Jira Service Management Server and Data Center are vulnerable to server-side request forgery, caused by a flaw in the CSV importing feature of JSM Insight. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access the content of internal network resources.

Impact

  • Information Disclsoure

Indicators Of Compromise

CVE

  • CVE-2021-43959

Affected Vendors

Atlassian

Affected Products

  • Atlassian Jira Service Management Server and Data Center 4.14.0
  • Atlassian Jira Service Management Server and Data Center 4.21.0
  • Atlassian Jira Service Management Server and Data Center 4.13

Remediation

Upgrade to the latest version of Jira Service Management Server and Data Center, available from the Atlassian Website.

Atlassian Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.