CVE-2021-26070
📋 TL;DR
This Broken Authentication vulnerability in Atlassian Jira allows remote attackers to bypass firewall protections for app-linked resources via the makeRequest gadget. Attackers can access internal resources that should be restricted behind the firewall. Affected organizations are those running vulnerable versions of Jira Server or Data Center.
💻 Affected Systems
- Atlassian Jira Server
- Atlassian Jira Data Center
📦 What is this software?
Data Center by Atlassian
Jira by Atlassian
Jira Server by Atlassian
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain unauthorized access to internal network resources, sensitive data, or administrative functions that should be protected behind the firewall.
Likely Case
Unauthorized access to internal Jira resources, potential data leakage, or privilege escalation within the Jira environment.
If Mitigated
Limited impact with proper network segmentation and access controls, though authentication bypass remains possible.
🎯 Exploit Status
Exploitation is straightforward and doesn't require authentication, making it attractive to attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.13.3 or 8.14.1
Vendor Advisory: https://jira.atlassian.com/browse/JRASERVER-72029
Restart Required: Yes
Instructions:
1. Back up your Jira instance.
2. Download and install Jira version 8.13.3 or 8.14.1 from Atlassian downloads.
3. Follow standard upgrade procedures.
4. Restart the Jira service.
🔧 Temporary Workarounds
Disable vulnerable gadget
Remove or disable the makeRequest gadget resource to prevent exploitation.
Consult Atlassian documentation for gadget management procedures.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Jira from sensitive internal resources
- Deploy web application firewall (WAF) rules to block suspicious gadget requests
🔍 How to Verify
Check if Vulnerable:
Check the Jira version via Admin → System → System Info (versions before 8.13.3, and 8.14.0, are affected).
Check Version:
java -jar atlassian-jira/WEB-INF/lib/jira-core-*.jar --version
Verify Fix Applied:
Confirm the version is 8.13.3 or later; note that 8.14.0 is still vulnerable, so in the 8.14 line the version must be 8.14.1 or later.
📡 Detection & Monitoring
Log Indicators:
- Unusual requests to gadget resources
- Failed authentication attempts followed by successful resource access
- Access to internal resources from unexpected IPs
Network Indicators:
- HTTP requests to /rest/gadget/1.0/makeRequest with suspicious parameters
- Traffic bypassing expected authentication flows
SIEM Query:
source="jira.log" AND ("makeRequest" OR "/rest/gadget/1.0/") AND NOT user="authenticated_user"