PT-2021-21885 · Atlassian · Confluence, Jira, Bitbucket, Bamboo, Fisheye
Published 2021-08-02 · Updated 2021-08-11 · CVE-2021-37843
CVSS v3.1: 9.8 (Critical)
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Jira versions prior to 3.6.6.1, 4.0.12, 5.0.5
Confluence versions prior to 3.6.6, 4.0.12, 5.0.5
Bitbucket versions prior to 2.5.9, 3.6.6, 4.0.12, 5.0.5
Bamboo versions prior to 2.5.9, 3.6.6, 4.0.12, 5.0.5
Fisheye versions prior to 2.5.9
Description:
The SAML SSO apps for Atlassian products allow a remote attacker to log in to a user account knowing only the username, without any other authentication.
Recommendations:
For Jira versions prior to 3.6.6.1, 4.0.12, 5.0.5, update to version 3.6.6.1, 4.0.12, or 5.0.5.
For Confluence versions prior to 3.6.6, 4.0.12, 5.0.5, update to version 3.6.6, 4.0.12, or 5.0.5.
For Bitbucket versions prior to 2.5.9, 3.6.6, 4.0.12, 5.0.5, update to version 2.5.9, 3.6.6, 4.0.12, or 5.0.5.
For Bamboo versions prior to 2.5.9, 3.6.6, 4.0.12, 5.0.5, update to version 2.5.9, 3.6.6, 4.0.12, or 5.0.5.
For Fisheye versions prior to 2.5.9, update to version 2.5.9.
Fix
Weakness Enumeration: Missing Authentication
Related Identifiers: CVE-2021-37843
Affected Products
Bamboo
Bitbucket
Confluence
Fisheye
Jira