Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0.
2022-01-10T16:15:09.587
2024-11-21T06:30:04.100
Modified
CVSSv3.1: 4.3 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | atlassian | jira_service_management | < 4.21.0 | Yes |
Application | atlassian | jira_service_management | < 4.21.0 | Yes |