Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0.

Related CVEs

CVE-2021-43949

Key Information

GHSA ID

GHSA-6v7j-h4h2-4p86

Published

January 11, 2022 12:00 AM

Last Modified

January 15, 2022 12:03 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.