← Back

CVE-2021-37843

nvd nist
Published: Aug 2, 2021Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9.

Affected (16)

Atlassian
1 product
Saml Single Sign On
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Saml Single Sign On
Before 2.5.9
Saml Single Sign On
From 3.0.0 to 3.6.6
Saml Single Sign On
From 4.0.0 to 4.0.12
Saml Single Sign On
From 5.0.0 to 5.0.5
Saml Single Sign On
Before 2.5.9
Saml Single Sign On
From 3.0.0 to 3.6.6
Saml Single Sign On
From 4.0.0 to 4.0.12
Saml Single Sign On
From 5.0.0 to 5.0.5
Saml Single Sign On
Before 3.5.6
Saml Single Sign On
From 3.6.0 to 3.6.6.1
Saml Single Sign On
From 4.0.0 to 4.0.12
Saml Single Sign On
From 5.0.0 to 5.0.5
Saml Single Sign On
Before 2.5.9
Saml Single Sign On
Before 3.6.6.1
Saml Single Sign On
From 4.0.0 to 4.0.12
Saml Single Sign On
From 5.0.0 to 5.0.5

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.