CVE-2021-39121: 
JIRA vulnerability analysis and mitigation

Atlassian Jira Server and Data Center were affected by an Information Disclosure vulnerability tracked as CVE-2021-39121. The vulnerability allows authenticated remote attackers to enumerate the keys of private Jira projects through the /rest/api/latest/projectvalidate/key endpoint. The affected versions include installations before version 8.5.18, versions from 8.6.0 to before 8.13.10, and versions from 8.14.0 to before 8.18.2 (Atlassian Advisory, NVD).

The vulnerability received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, and low privileges to exploit, with no user interaction needed. The impact is limited to confidentiality, with no effects on integrity or availability (NVD).

The vulnerability allows attackers to discover the keys of private Jira projects, potentially exposing sensitive project information. This information disclosure could lead to unauthorized knowledge of private project existence and their associated keys (Atlassian Advisory).

Atlassian has released fixed versions to address this vulnerability. Users should upgrade to version 8.5.18, 8.13.10, or 8.18.2 depending on their current version track (Atlassian Advisory).