PT-2024-4436 · Atlassian · Jira+1

Published: 2024-05-14 · Updated: 2024-06-20 · CVE-2024-21685

CVSS v2.0: 7.8 High · Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Jira Core Data Center versions 9.4.0 through 9.15.0
Jira Core Data Center version 9.12.0

Description

The issue is related to insufficient protection of internal data in Atlassian Jira Data Center and Jira Server, allowing a remote attacker to gain unauthorized access to protected information. This Information Disclosure issue allows an unauthenticated attacker to view sensitive information, which has a high impact on confidentiality. The vulnerability was found internally and requires user interaction.

Recommendations

For Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21
For Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8
For Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0

As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-04938
CVE-2024-21685

Affected Products

Jira
Jira Core