PT-2022-5982 · Amazon · Amazon EC2

Published 2022-06-26 · Updated 2022-08-02 · CVE-2021-43959

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Atlassian Jira Service Management Server and Data Center versions prior to 4.13.20
Atlassian Jira Service Management Server and Data Center versions 4.14.0 through 4.20.8
Atlassian Jira Service Management Server and Data Center versions 4.21.0 through 4.22.2
Description

The vulnerability stems from insufficient validation of server-side requests in the CSV import feature of JSM Insight, allowing a remote attacker to perform a Server-Side Request Forgery (SSRF) attack. This flaw can be used to reach internal network resources, including instance metadata services that hand out access credentials and other potentially confidential information, especially in environments such as Amazon EC2.
Recommendations

For versions prior to 4.13.20, update to version 4.13.20 or later.
For versions 4.14.0 through 4.20.8, update to version 4.20.8 or later.
For versions 4.21.0 through 4.22.2, update to version 4.22.2 or later.

As a temporary workaround, consider restricting access to the CSV importing feature of JSM Insight until a patch is applied.
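As an added illustration of the kind of server-side request check the description says was insufficient (example code written for this page, not Atlassian's JSM Insight code), the Python below validates a URL before a server-side fetch such as a URL-driven CSV import: it restricts the scheme, resolves the host, and refuses any destination whose address is not globally routable, which covers loopback, RFC 1918 ranges and the link-local 169.254.169.254 instance metadata address on Amazon EC2. The function names, the hostnames and the `SAMPLE_DNS` lookup table are constructed for the demonstration so it runs offline; nothing in it is real infrastructure.

```python
"""SSRF guard for a server-side fetch such as a URL-driven CSV import.

Added example for this page, not Atlassian code. Assumptions: the importer only
needs http/https, and it resolves the host itself so that the address actually
connected to, not the name the user typed, is what gets checked.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: file:, ftp:, gopher: etc. are never needed


class UnsafeURL(ValueError):
    """The URL must not be fetched server-side."""


def _unmap(ip):
    """Judge IPv4-mapped IPv6 literals (::ffff:a.b.c.d) as the IPv4 address they wrap."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_public_address(text):
    """True only for globally routable unicast addresses.

    ipaddress's is_global is False for loopback, RFC 1918, shared address space,
    link-local (which includes 169.254.169.254, the EC2 metadata endpoint), ULA,
    documentation and reserved ranges, so one test covers the internal
    destinations an SSRF attempt is aimed at.
    """
    ip = _unmap(ipaddress.ip_address(text))
    return ip.is_global and not ip.is_multicast


def default_resolver(host):
    """Return the set of IP strings the host currently resolves to (uses real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


# Constructed lookup table so the example runs offline. 8.8.8.8 merely stands in
# for "some public address"; none of these names are real infrastructure.
SAMPLE_DNS = {
    "files.example.com": {"8.8.8.8"},
    "mixed.example.com": {"8.8.8.8", "10.0.0.5"},        # one public, one internal answer
    "rebound.example": {"169.254.169.254"},              # a name that points at the metadata address
    "169.254.169.254": {"169.254.169.254"},              # IP literal
    "::ffff:169.254.169.254": {"::ffff:169.254.169.254"},  # IPv4-mapped IPv6 literal
}


def sample_resolver(host):
    """Stand-in for default_resolver backed by the constructed SAMPLE_DNS table."""
    if host not in SAMPLE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return SAMPLE_DNS[host]


def check_outbound_url(url, resolver=default_resolver):
    """Validate url for a server-side fetch and return the sorted public IPs to connect to.

    Raises UnsafeURL for anything the fetch should refuse. The caller should
    connect to one of the returned addresses (still sending the original Host
    header) rather than resolving again, so the DNS answer cannot change between
    check and use, and should re-run this check on every redirect target.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials embedded in the URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        addrs = set(resolver(host))
    except OSError as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    if not addrs:
        raise UnsafeURL(f"no address for {host!r}")
    internal = sorted(a for a in addrs if not is_public_address(a))
    if internal:
        # Any internal answer rejects the whole name: mixed answers are a known bypass.
        raise UnsafeURL(f"{host!r} resolves to non-public address(es) {internal}")
    return sorted(addrs)


def is_safe_url(url, resolver=default_resolver):
    """Boolean convenience wrapper around check_outbound_url."""
    try:
        check_outbound_url(url, resolver)
    except UnsafeURL:
        return False
    return True


if __name__ == "__main__":
    for candidate in (
        "https://files.example.com/export.csv",
        "http://169.254.169.254/",
        "http://[::ffff:169.254.169.254]/",
        "http://rebound.example/export.csv",
        "http://mixed.example.com/export.csv",
        "file:///etc/passwd",
    ):
        try:
            print("ALLOW", candidate, "->", check_outbound_url(candidate, sample_resolver))
        except UnsafeURL as exc:
            print("DENY ", candidate, "->", exc)
```

The check is deliberately placed on the resolved address rather than on the string the user supplied, because a hostname under the attacker's control can be pointed at any internal address, and a name with one public and one internal answer is rejected outright. The remaining gaps a real importer has to close are the redirect chain (validate each hop with the same function) and the time between resolution and connection (pin the returned address when opening the socket).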

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-07411
CVE-2021-43959

Affected Products

Amazon EC2
JSM Insight
Jira Service Management Server