CVE-2021-41308
Published: 2021-10-26
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | < 8.6.0 | 8.6.0 |
| atlassian | jira_data_center | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.7.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.7.0 < 8.13.12 | 8.13.12 |
| atlassian | jira_data_center | >= unspecified < 8.6.0 | 8.6.0 |
| atlassian | jira_data_center | >= unspecified < 8.13.12 | 8.13.12 |
| atlassian | jira_data_center | >= unspecified < 8.20.1 | 8.20.1 |
| atlassian | jira_server | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.14.0 < 8.20.1 | 8.20.1 |
| atlassian | jira_server | >= 8.7.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.7.0 < 8.13.12 | 8.13.12 |
| atlassian | jira_server | >= unspecified < 8.6.0 | 8.6.0 |
| atlassian | jira_server | >= unspecified < 8.13.12 | 8.13.12 |
| atlassian | jira_server | >= unspecified < 8.20.1 | 8.20.1 |
| atlassian | jira_software_data_center | < 8.6.0 | 8.6.0 |
| atlassian | jira_software_data_center | >= 8.14.0 < 8.20.1 | 8.20.1 |