CVE-2021-41309

CWE-287Improper Authentication3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 59.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Data CenterAtlassian Jira ServerAtlassian Jira Software Data Center
Timeline
PublishedDec 8
Latest updateDec 9

Description

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5atlassian/jira_data_centerunspecified8.19.1
CVEListV5atlassian/jira_serverunspecified8.19.1

🔴Vulnerability Details

2
GHSA
GHSA-r365-w92w-v4hv: Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs2021-12-09
CVEList
CVE-2021-41309: Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs2021-12-08
CVE-2021-41309 (MEDIUM CVSS 5.3) | Affected versions of Atlassian Jira | cvebase.io