How severe is CVE-2021-26073?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2021-26073?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-26073 - HIGH Severity | CVSS 7.7

Vulnerability Description

Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

Related Vulnerabilities

CVE-2015-7974

HIGH

CVSS:7.7(High)

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an...

CWE-2872015

CVE-2018-7340

HIGH

CVSS:7.7(High)

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without ...

CWE-2872018

CVE-2024-57490

HIGH

CVSS:7.7(High)

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.

CWE-2872024

CVE-2025-2230

HIGH

CVSS:7.7(High)

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.

CWE-2872025

CVE-2011-4338

HIGH

CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH

CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013