CVE-2024-47875 — Vulnetix

CVE-2024-47875 PUBLISHED CVSS 10 CRITICAL

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS (mutation Cross-Site Scripting) vulnerability was introduced in version 10.3.0 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 10 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H Atlassian recommends that Jira Software Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Software Data Center and Server 10.3: Upgrade to a release greater than or equal to 10.3.13 See the release notes (https://www.atlassian.com/software/jira/download-archives). You can download the latest version of Jira Software Data Center and Server from the download center (https://www.atlassian.com/software/jira/download-archives).

EPSS 0.70% · 71.8th percentile

Risk Scores

CVSS v3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

EPSS Score

0.70%

71.8th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Jira Software Data Center
Atlassian	Jira Service Management Data Center
Atlassian	Jira Software Server
Atlassian	Jira Service Management Server

Timeline

Jan 21, 1970 Security Advisory
Oct 11, 2024 CVE Published
Oct 12, 2024 EPSS Score
Oct 14, 2024 Coalition ESS Score
Oct 16, 2024 Coalition ESS Score
Oct 30, 2024 EPSS Score
Nov 17, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 12, 2025 EPSS Score
Jan 30, 2025 EPSS Score
Feb 17, 2025 EPSS Score
Mar 17, 2025 EPSS Score

References

Open in Interactive Console →