CVE-2021-41312

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Atlassian Jira Data CenterAtlassian Jira ServerAtlassian Data Center+1 more
Timeline
PublishedNov 3
Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5atlassian/jira_data_centerunspecified8.19.1
CVEListV5atlassian/jira_serverunspecified8.19.1
NVDatlassian/jira< 8.19.1
NVDatlassian/data_center< 8.19.1

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-3jcc-h3px-2j9f: Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to en2022-05-24
CVEList
CVE-2021-41312: Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to en2021-11-03
CVE-2021-41312 (HIGH CVSS 7.5) | Affected versions of Atlassian Jira | cvebase.io