CVE-2021-43951: 
Jira Service Management vulnerability analysis and mitigation

CVE-2021-43951 is an Information Disclosure vulnerability affecting Atlassian Jira Service Management Server and Data Center. The vulnerability was discovered and disclosed in December 2021, allowing authenticated remote attackers to view object import configuration details through the Create Object type mapping feature. The affected versions are those before version 4.21.0 (Atlassian Support, MITRE CVE).

The vulnerability is classified as an Information Disclosure issue in the Create Object type mapping feature of Jira Service Management Server and Data Center. It has been assigned a CVSS Score of 3.1, categorizing it as Low severity. The vulnerability specifically affects the object import configuration functionality, allowing authenticated users to access configuration details that should be restricted (JSDSERVER Ticket).

The vulnerability enables authenticated remote attackers to view sensitive object import configuration details that should not be accessible to them. While the impact is limited to information disclosure, it could potentially expose sensitive configuration data to unauthorized but authenticated users (MITRE CVE).

The vulnerability has been fixed in Jira Service Management version 4.21.0. Organizations running affected versions (before 4.21.0) should upgrade to version 4.21.0 or later to mitigate this security issue (Atlassian Support).