CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-26074

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile14.19th
Published2021年4月16日
Last Modified2025年2月12日

Vulnerability Description

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

Affected Platforms (CPE)

📦
Atlassian

Connect Spring Boot

>= 1.1.0 and < 2.1.3

References & Advisories

🔗 https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072
🔗 https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106
🔗 https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072
🔗 https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106

関連する脆弱性情報

CVE-2021-260778.8

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: A...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...