Vulnerability DatabaseCVE-2021-43948

CVE-2021-43948:
Jira Service Management vulnerability analysis and mitigation

Overview

CVE-2021-43948 affects Atlassian Jira Service Management Server and Data Center versions before 4.21.0. The vulnerability allows authenticated remote attackers to view the names of private objects through an Improper Authorization vulnerability in the "Move objects" feature (Vendor Advisory).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and no user interaction, resulting in low confidentiality impact with no impact on integrity or availability (NVD).

Impact

The vulnerability allows authenticated attackers to view the names of private objects that they should not have access to, resulting in an information disclosure issue. This could potentially expose sensitive information contained in object names to unauthorized users (Vendor Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Jira Service Management version 4.21.0. Organizations using affected versions should upgrade to version 4.21.0 or later to address this security issue (Vendor Advisory).

Additional resources

Source: This report was generated using AI

Related Jira Service Management vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2022-1471	CRITICAL	9.8	IBM Db2	cpe:2.3:a:atlassian:jira_service_management	No	Yes	Dec 01, 2022
CVE-2023-22501	CRITICAL	9.1	Jira Service Management	cpe:2.3:a:atlassian:jira_service_desk	No	Yes	Feb 01, 2023
CVE-2024-21683	HIGH	8.8	Atlassian Fisheye & Crucible	cpe:2.3:a:atlassian:crucible	No	Yes	May 21, 2024
CVE-2025-22157	HIGH	7.2	JIRA	cpe:2.3:a:atlassian:jira	No	Yes	May 20, 2025
CVE-2022-36800	MEDIUM	4.3	Jira Service Management	cpe:2.3:a:atlassian:jira_service_management	No	Yes	Aug 03, 2022