Broken Access Control in Custom Fields feature of Atlassian Jira Service Management Server and Data Center (versions before 4.21.0) allows unauthorized access to private objects

CVE-2021-43949 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0.
