CVE-2021-41313 — Improper Authorization in Atlassian Jira Data Center

CWE-285 — Improper Authorization CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 65.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server

Timeline

PublishedNov 1

Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.20.7

▶NVDatlassian/jira_data_center< 8.20.7

▶CVEListV5atlassian/jira_serverunspecified — 8.20.7

▶NVDatlassian/jira_server< 8.20.7

🔴Vulnerability Details

GHSA

GHSA-5pjh-5gpx-359v: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via a↗2022-05-24

▶

CVEList

CVE-2021-41313: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via a↗2021-11-01

▶