CVE-2024-21685 — Vulnetix

CVE-2024-21685 PUBLISHED CVSS 7.400000095367432 HIGH

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center |Affected versions|Fixed versions| |from 9.15.0 to 9.15.2|9.16.0| |from 9.14.0 to 9.14.1|9.16.0| |from 9.13.0 to 9.13.1|9.16.0| |from 9.12.0 to 9.12.7 LTS|9.16.0 or 9.12.8 LTS recommended| |from 9.11.0 to 9.11.3|9.16.0 or 9.12.8 LTS recommended| |from 9.10.0 to 9.10.2|9.16.0 or 9.12.8 LTS recommended| |from 9.9.0 to 9.9.2|9.16.0 or 9.12.8 LTS recommended| |from 9.8.0 to 9.8.2|9.16.0 or 9.12.8 LTS recommended| |from 9.7.0 to 9.7.2|9.16.0 or 9.12.8 LTS recommended| |from 9.6.0 to 9.6.2|9.16.0 or 9.12.8 LTS recommended| |from 9.5.0 to 9.5.1|9.16.0 or 9.12.8 LTS recommended| |from 9.4.0 to 9.4.20 LTS|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| |from 9.3.0 to 9.3.3|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| |from 9.2.0 to 9.2.1|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| |from 9.1.0 to 9.1.1|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| |9.0.0|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| |Any earlier versions|9.16.0 or 9.4.21 LTS or 9.12.8 LTS recommended| Server |Affected versions|Fixed versions| |from 9.12.0 to 9.12.7 LTS|9.12.8 LTS recommended| |from 9.11.0 to 9.11.3|9.12.8 LTS recommended| |from 9.10.0 to 9.10.2|9.12.8 LTS recommended| |from 9.9.0 to 9.9.2|9.12.8 LTS recommended| |from 9.8.0 to 9.8.2|9.12.8 LTS recommended| |from 9.7.0 to 9.7.2|9.12.8 LTS recommended| |from 9.6.0 to 9.6.2|9.12.8 LTS recommended| |from 9.5.0 to 9.5.1|9.12.8 LTS recommended| |from 9.4.0 to 9.4.20 LTS|9.4.21 LTS or 9.12.8 LTS recommended| |from 9.3.0 to 9.3.3|9.4.21 LTS or 9.12.8 LTS recommended| |from 9.2.0 to 9.2.1|9.4.21 LTS or 9.12.8 LTS recommended| |from 9.1.0 to 9.1.1|9.4.21 LTS or 9.12.8 LTS recommended| |9.0.0|9.4.21 LTS or 9.12.8 LTS recommended| |Any earlier versions|9.4.21 LTS or 9.12.8 LTS recommended| See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally.

EPSS 0.98% · 77.1th percentile

Risk Scores

CVSS v3.0

7.400000095367432

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS Score

0.98%

77.1th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Jira Service Management Data Center
Atlassian	Jira Core Data Center
Atlassian	Jira Service Management Server

Timeline

Jun 18, 2024 CVE Published
Jun 19, 2024 EPSS Score
Jul 12, 2024 EPSS Score
Aug 3, 2024 EPSS Score
Aug 26, 2024 EPSS Score
Sep 18, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Nov 2, 2024 EPSS Score
Nov 25, 2024 EPSS Score
Dec 19, 2024 EPSS Score
Jan 10, 2025 EPSS Score
Feb 2, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›