CVE-2021-43946
published 2022-01-05CVE-2021-43946: Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_data_center | < 8.13.21 | 8.13.21 |
| atlassian | jira_data_center | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.14.0 < 8.20.9 | 8.20.9 |
| atlassian | jira_data_center | >= unspecified < 8.13.21 | 8.13.21 |
| atlassian | jira_data_center | >= unspecified < 8.20.9 | 8.20.9 |
| atlassian | jira_server | < 8.13.21 | 8.13.21 |
| atlassian | jira_server | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.14.0 < 8.20.9 | 8.20.9 |
| atlassian | jira_server | >= unspecified < 8.13.21 | 8.13.21 |
| atlassian | jira_server | >= unspecified < 8.20.9 | 8.20.9 |