MSRC compact vulnerability detail

CVE-2024-21401 · Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

No description was published by MSRC.

Severity: Important
Impact: Elevation of Privilege
CVSS: 9.8 base · 8.8 temporal
Release: 2024-02-13
Signals: Azure Active Directory Elevation of Privilege · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE
FAQ / Articles
How could an attacker exploit this vulnerability?
An unauthenticated attacker (PR:N) could exploit this vulnerability by running a script to access a targeted Jira server over the internet.

Is there any action I need to take to be protected from this vulnerability?
Customers running the Azure AD Jira SSO plugin need to update to version 1.1.2 from the Microsoft Download Center or from Atlassian Marketplace.

What privileges could an attacker gain with successful exploitation of this vulnerability?
An attacker does not need to log in to exploit this vulnerability. Exploiting this vulnerability could allow an attacker to fully update Entra ID SAML metadata and info for the plugin. The attacker could then change the authentication of the application to their tenant as needed.