{"vulnerability": "cve-2021-4395", "sightings": [{"uuid": "6893749f-f54c-41dc-b0e7-1cb6588b5771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43952", "type": "seen", "source": "https://t.me/cibsecurity/37475", "content": "\u203c CVE-2021-43952 \u203c\n\nAffected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T07:33:49.000000Z"}, {"uuid": "811090a4-23e1-4ddf-9a40-814aa166fe70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43950", "type": "seen", "source": "https://t.me/cibsecurity/37474", "content": "\u203c CVE-2021-43950 \u203c\n\nAffected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. 
The affected versions are before version 4.21.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T07:33:47.000000Z"}, {"uuid": "c0d2af8d-7b67-4b3c-a977-6fef4260cedc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43958", "type": "seen", "source": "https://t.me/cibsecurity/39011", "content": "\u203c CVE-2021-43958 \u203c\n\nVarious rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via an improper restriction of excess authentication attempts vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T06:20:04.000000Z"}, {"uuid": "ac67acc9-0aba-47f6-8e9d-4e7798422be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43957", "type": "seen", "source": "https://t.me/cibsecurity/39009", "content": "\u203c CVE-2021-43957 \u203c\n\nAffected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. 
The affected versions are before version 4.8.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T06:19:59.000000Z"}, {"uuid": "cbdf0193-e3c1-49f0-a702-909372afe71d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43955", "type": "seen", "source": "https://t.me/cibsecurity/39008", "content": "\u203c CVE-2021-43955 \u203c\n\nThe /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T06:19:58.000000Z"}, {"uuid": "0b7e52ce-88e0-4997-ba8a-e2a8d636fc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43956", "type": "seen", "source": "https://t.me/cibsecurity/39010", "content": "\u203c CVE-2021-43956 \u203c\n\nThe jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T06:20:00.000000Z"}, {"uuid": "8114a184-f622-4044-ac94-f95eac5290d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43953", "type": "seen", "source": "https://t.me/cibsecurity/37478", "content": "\u203c CVE-2021-43953 \u203c\n\nAffected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the 
/secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T07:33:52.000000Z"}]}