Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72940HistoryOct 25, 2021 - 1:26 a.m.
Non-administrators can edit the File Replication settings - CVE-2021-41308
2021-10-2501:26:05
security-metrics-bot
jira.atlassian.com
23
0.001 Low
EPSS
Percentile
38.7%
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint.
The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
Affected versions:
- version < 8.6.0
- 8.7.0 ≤ version < 8.13.12
- 8.14.0 ≤ version < 8.20.1
Fixed versions:
- 8.6.0
- 8.13.12
- 8.20.1
- 8.21.0
Related
nvd
nvd
CVE-2021-41308
2021-10-26 05:15:07
nessus
nessus
atlassian
atlassian
Non-administrators can edit the File Replication settings - CVE-2021-41308
2021-10-25 01:26:05
cve
cve
CVE-2021-41308
2021-10-26 05:15:07
cvelist
cvelist
CVE-2021-41308
2021-10-25 00:00:00
prion
prion
Improper access control
2021-10-26 05:15:00