CVE-2021-41313

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-72898 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

25 Apr 2022, 18:06

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
First Time Atlassian jira Server
Atlassian jira Data Center
CWE CWE-862 NVD-CWE-Other

28 Feb 2022, 01:15

Type Values Removed Values Added
Summary Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21.0. Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1.

02 Nov 2021, 17:31

Type Values Removed Values Added
References (N/A) https://jira.atlassian.com/browse/JRASERVER-72898 - (N/A) https://jira.atlassian.com/browse/JRASERVER-72898 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
CWE CWE-862

01 Nov 2021, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-01 03:15

Updated : 2022-04-25 18:06


NVD link : CVE-2021-41313

Mitre link : CVE-2021-41313


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira_data_center