CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-26077

HIGH
8.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile28.63th
Published2021年5月10日
Last Modified2025年2月12日

Vulnerability Description

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

Affected Platforms (CPE)

📦
Atlassian

Connect Spring Boot

>= 1.1.0 and < 2.1.3
📦
Atlassian

Connect Spring Boot

>= 2.1.4 and < 2.1.5

References & Advisories

🔗 https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072
🔗 https://confluence.atlassian.com/pages/viewpage.action?pageId=1063555147
🔗 https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072
🔗 https://confluence.atlassian.com/pages/viewpage.action?pageId=1063555147

相关漏洞威胁

CVE-2021-260746.5

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Bo...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...