- Public Security Vulnerability
- Resolution: Fixed
- Low
- 8.5.18, 8.13.10, 8.19.0
- None
- 7.5
- High
- CVE-2021-41311

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint.
The affected versions are before version 8.19.1.
Affected versions:
- version < 8.19.1
Fixed versions:
- 8.19.1