6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26074

GHSA ID

GHSA-cpcr-74q9-74gp

EPSS Score

0.49113%

CWE

CWE-287

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-26074

CVE-2021-26074: Broken Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3. Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26074

GHSA ID

GHSA-cpcr-74q9-74gp

EPSS Score

0.49113%

CWE

CWE-287

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.atlassian.connect:atlassian-connect-spring-boot-starter	maven	>= 1.1.0, < 2.1.3	2.1.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper JWT type validation in lifecycle endpoints. Key authentication functions like JwtAuthenticationFilter.attemptAuthentication would process malicious context JWTs without proper server-to-server checks. The JwtVerification class's verify method would be invoked during this process, lacking QSH claim validation specific to context JWTs. These functions appear in stack traces when processing installation events, making them visible in runtime profilers during exploitation. The high confidence for JwtAuthenticationFilter comes from its central role in authentication flow, while JwtVerification has medium confidence due to indirect evidence from community code examples.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*rok*n *ut**nti**tion in *tl*ssi*n *onn**t Sprin* *oot (**S*) *rom v*rsion *.*.* ***or* v*rsion *.*.*. *tl*ssi*n *onn**t Sprin* *oot is * J*v* Sprin* *oot p**k*** *or *uil*in* *tl*ssi*n *onn**t *pps. *ut**nti**tion **tw**n *tl*ssi*n pro*u*ts *n* t**

Reasoning

T** vuln*r**ility st*ms *rom improp*r JWT typ* v*li**tion in li***y*l* *n*points. K*y *ut**nti**tion *un*tions lik* Jwt*ut**nti**tion*ilt*r.*tt*mpt*ut**nti**tion woul* pro**ss m*li*ious *ont*xt JWTs wit*out prop*r s*rv*r-to-s*rv*r ****ks. T** JwtV*ri

6.5

Basic Information

Concerned about an active attack path?

CVE-2021-26074: Broken Authentication in Atlassian Connect Spring Boot

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI