CVE-2021-26074 - OpenCVE

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Atlassian	Connect Spring Boot

Configuration 1 [-]

cpe:2.3:a:atlassian:connect_spring_boot:*:*:*:*:*:*:*:*

References

Link	Resource
https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072	Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: atlassian

Published: 2021-04-13T00:00:00

Updated: 2022-02-23T03:45:15

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26074

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-16T03:15:12.113

Modified: 2022-03-01T16:25:40.350

Link: CVE-2021-26074

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Atlassian Connect Spring Boot (ACSB)", "vendor": "Atlassian", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.1.0", "versionType": "custom"}, {"lessThan": "2.1.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}], "problemTypes": [{"descriptions": [{"description": "Broken Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-23T03:45:15", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}, {"tags": ["x_refsource_MISC"], "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-04-13T00:00:00", "ID": "CVE-2021-26074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Atlassian Connect Spring Boot (ACSB)", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.1.0"}, {"version_affected": "<", "version_value": "2.1.3"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Broken Authentication"}]}]}, "references": {"reference_data": [{"name": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106", "refsource": "MISC", "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}, {"name": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072", "refsource": "MISC", "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}]}}}}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-26074", "datePublished": "2021-04-13T00:00:00", "dateReserved": "2021-01-25T00:00:00", "dateUpdated": "2022-02-23T03:45:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:connect_spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA2CBC2-F9F4-4F3C-8446-D995F1D8AE2E", "versionEndExcluding": "2.1.3", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."}, {"lang": "es", "value": "Autenticaci\u00f3n rota en Atlassian Connect Spring Boot (ACSB) desde la versi\u00f3n 1.1.0 versiones anteriores a 2.1.3: Atlassian Connect Spring Boot es un paquete Java Spring Boot para crear aplicaciones de Atlassian Connect. La autenticaci\u00f3n entre los productos de Atlassian y la aplicaci\u00f3n Atlassian Connect Spring Boot se produce con un JWT de servidor a servidor o un JWT de contexto. Las versiones de Atlassian Connect Spring Boot desde la versi\u00f3n 1.1.0 versiones anteriores a 2.1.3 aceptan err\u00f3neamente JWTs de contexto en los puntos finales del ciclo de vida (como la instalaci\u00f3n) cuando solo deber\u00edan aceptarse JWTs de servidor a servidor, lo que permite a un atacante enviar eventos de reinstalaci\u00f3n autenticados a una aplicaci\u00f3n"}], "id": "CVE-2021-26074", "lastModified": "2022-03-01T16:25:40.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-16T03:15:12.113", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1051986106"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}