How severe is CVE-2021-43959?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2021-43959?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2021-43959 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

Related Vulnerabilities

CVE-2020-4632

MEDIUM

CVSS:5.7(Medium)

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to sub...

CWE-9182020

CVE-2023-47635

MEDIUM

CVSS:5.7(Medium)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates previe...

CWE-9182023

CVE-2016-4046

MEDIUM

CVSS:5.8(Medium)

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the...

CWE-9182016

CVE-2017-7200

MEDIUM

CVSS:5.8(Medium)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to...

CWE-9182017

CVE-2018-15516

MEDIUM

CVSS:5.8(Medium)

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

CWE-9182018

CVE-2019-11767

MEDIUM

CVSS:5.8(Medium)

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

CWE-9182019