CVE-2021-39112

EPSS 0.7% | CWE-1022 (Use of Web Link to Untrusted Target with window.opener Access)
In short

Atlassian Jira Server and Data Center's Project Shortcuts feature opens shortcut links in a new browser tab in a way that leaves the opened page with a reference to the tab that launched it. A shortcut pointing at an attacker-controlled site can use that reference to navigate the original Jira tab to a malicious URL, typically a login-page clone, while the user is looking at the new tab. The technique is known as reverse tabnabbing (spelled "tabnapping" in the official description).

Technical detail

The Project Shortcuts feature renders shortcut URLs as links that open in a new browsing context (via the target attribute) without severing the new page's window.opener reference, and the shortcut URL itself is not restricted to trusted destinations. A shortcut that points at an attacker-controlled page can therefore run a script in the new tab that sets window.opener.location, redirecting the original Jira tab to an attacker-chosen URL after the user has clicked through. Whether the redirect succeeds also depends on the victim's browser: current Chromium, Firefox and Safari releases treat target="_blank" as implying noopener, so the opener reference is only available in older browsers or where the page is opened with window.open() without the noopener feature.
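The mechanism and the fix, shown as an added example that is not Atlassian's code and not taken from this page: a constructed snippet of sidebar markup (not Jira's real project-shortcut HTML; the hostnames are placeholders), a scanner for target="_blank" links that lack rel="noopener"/"noreferrer", a simulation of what the attacker's page does with window.opener, and a hardening pass that adds the missing rel value. It runs under Node without dependencies.

```javascript
// Added example, not Atlassian's code: how reverse tabnabbing works on a
// target="_blank" link, how to spot exposed links, and how to harden them.
// The HTML below is constructed for this example and is not Jira's real
// project-shortcut markup; the hostnames are placeholders.
const SHORTCUT_HTML = `
<ul class="project-shortcuts">
  <li><a href="https://wiki.example.test/runbook" target="_blank">Runbook</a></li>
  <li><a href="https://attacker.example.test/landing" target="_blank" rel="nofollow">Build dashboard</a></li>
  <li><a href="https://status.example.test/" target="_blank" rel="noopener noreferrer">Status page</a></li>
  <li><a href="/browse/PROJ-1">Latest issue</a></li>
</ul>`;

// Extract each <a ...> tag's attributes. A regex is enough for this
// illustrative markup; use a real HTML parser for arbitrary pages.
function parseAnchors(html) {
  const anchors = [];
  const tagRe = /<a\s+([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*"([^"]*)"/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let attr;
    attrRe.lastIndex = 0;
    while ((attr = attrRe.exec(tag[1])) !== null) {
      attrs[attr[1].toLowerCase()] = attr[2];
    }
    anchors.push(attrs);
  }
  return anchors;
}

// A link is exposed when it opens a new browsing context (target="_blank")
// and its rel attribute carries neither "noopener" nor "noreferrer"
// (noreferrer implies noopener).
function isTabnabbable(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Returns the hrefs of every exposed link in the markup.
function findExposedLinks(html) {
  return parseAnchors(html).filter(isTabnabbable).map((a) => a.href);
}

// Simulates the click. The browser hands the new tab a window.opener
// reference only when the link is tabnabbable; the attacker's script in the
// new tab then does `window.opener.location = phishingUrl`, modelled here
// on a plain object. Returns the URL the ORIGINAL tab ends up showing.
function simulateClick(attrs, phishingUrl) {
  const originalTab = { location: 'https://jira.example.test/projects/PROJ' };
  const opener = isTabnabbable(attrs) ? originalTab : null;
  if (opener) opener.location = phishingUrl; // what the attacker's page runs
  return originalTab.location;
}

// Hardening: add rel="noopener noreferrer" to every exposed anchor, merging
// with an existing rel value (e.g. "nofollow") when there is one.
function hardenLinks(html) {
  return html.replace(/<a\s+([^>]*)>/gi, (tag, body) => {
    const attrs = parseAnchors(tag)[0];
    if (!isTabnabbable(attrs)) return tag;
    const rel = attrs.rel ? `${attrs.rel} noopener noreferrer` : 'noopener noreferrer';
    const rest = body.replace(/\s*rel\s*=\s*"[^"]*"/i, '').trim();
    return `<a ${rest} rel="${rel}">`;
  });
}

console.log('exposed links:', findExposedLinks(SHORTCUT_HTML));
console.log('after hardening:', findExposedLinks(hardenLinks(SHORTCUT_HTML)));
console.log('original tab after clicking an exposed link:',
  simulateClick(parseAnchors(SHORTCUT_HTML)[1], 'https://attacker.example.test/jira-login'));
```

The scanner treats a link as safe only if its rel value contains noopener or noreferrer; it deliberately does not trust the browser's implicit noopener for target="_blank", because users on older browsers still get the opener reference. The same check applies to any template that opens user-supplied URLs in a new tab, not just project shortcuts.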

Official description (the summaries above were generated and translated by AI from it)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
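The four affected ranges above have gaps between them (for instance 8.5.16 and 8.13.8 are fixed releases on older branches), so a naive "below 8.18.1" comparison misclassifies hosts. The check below is an added example, not Atlassian's code: it encodes the ranges from the official description and evaluates a version string such as the one returned by Jira's GET /rest/api/2/serverInfo endpoint. The sample serverInfo response is constructed for the example.

```javascript
// Added example, not Atlassian's code: check a Jira Server / Data Center
// version against the affected ranges given in the official description.
const AFFECTED_RANGES = [
  { from: null,     before: '8.5.15' },  // everything before 8.5.15
  { from: '8.6.0',  before: '8.13.7' },
  { from: '8.14.0', before: '8.17.1' },
  { from: '8.18.0', before: '8.18.1' },
];

// Jira versions are major.minor.patch; any trailing suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable Jira version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison component by component: -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// A version is affected when it lies in any range: at or above `from`
// (when set) and strictly below `before`. Versions in the gaps between
// ranges are fixed releases on the older branches.
function isAffected(version) {
  return AFFECTED_RANGES.some((r) =>
    (r.from === null || compareVersions(version, r.from) >= 0) &&
    compareVersions(version, r.before) < 0);
}

// The first fixed release on the branch the version is on, or null when
// the version is not affected.
function fixedVersionFor(version) {
  const r = AFFECTED_RANGES.find((range) =>
    (range.from === null || compareVersions(version, range.from) >= 0) &&
    compareVersions(version, range.before) < 0);
  return r ? r.before : null;
}

// Constructed sample of a serverInfo response (only the fields used here).
const SAMPLE_SERVER_INFO = {
  baseUrl: 'https://jira.example.test',
  version: '8.13.6',
  deploymentType: 'Server',
};

// Summarise exposure for one instance from its serverInfo document.
function assess(serverInfo) {
  const version = serverInfo.version;
  const affected = isAffected(version);
  return { baseUrl: serverInfo.baseUrl, version, affected, fixedVersion: fixedVersionFor(version) };
}

console.log(assess(SAMPLE_SERVER_INFO));
```

Versions from 8.19 onward are outside every range and therefore not affected, but a host that reports an unaffected version has only addressed this issue; the same serverInfo check is worth running against the other advisories for its branch.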
