• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.13.19, 8.20.7, 8.22.1
• Affects Version/s: 8.5.0, 8.13.0
• Component/s: Security
• Labels:

  • CVE-2021-41313
  • advisory
  • advisory-released
  • dont-import
  • security

[JRASERVER-72898] Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313

Collapse comment: AB added a comment - 27/Sep/2022 11:52 PM

AB added a comment - 27/Sep/2022 11:52 PM

The description of this issue incorrectly stated that the fix for 8.20.x was published in version 8.20.1. This was incorrect and should be version 8.20.7. I've now updated the description to the correct version.

The Mitre CVE record will be updated shortly.

Expand comment: AB added a comment - 27/Sep/2022 11:52 PM

AB added a comment - 27/Sep/2022 11:52 PM The description of this issue incorrectly stated that the fix for 8.20.x was published in version 8.20.1. This was incorrect and should be version 8.20.7. I've now updated the description to the correct version. The Mitre CVE record will be updated shortly.

Collapse comment: Team Infra & ITSec added a comment - 28/Jul/2022 4:48 PM

Team Infra & ITSec added a comment - 28/Jul/2022 4:48 PM

How exactly can you claim that it's fixed in version 8.20.1 when it was released in 8.20.7? This is inconsistent information...

Expand comment: Team Infra & ITSec added a comment - 28/Jul/2022 4:48 PM

Team Infra & ITSec added a comment - 28/Jul/2022 4:48 PM How exactly can you claim that it's fixed in version 8.20.1 when it was released in 8.20.7? This is inconsistent information...

Collapse comment: AB added a comment - 23/Feb/2022 10:58 PM, Edited by AB - 24/Feb/2022 2:23 AM

AB added a comment - 23/Feb/2022 10:58 PM - edited

A fix for this issue has been published for 8.20.x in version 8.20.1.

The Mitre CVE record will be updated shortly.

Expand comment: AB added a comment - 23/Feb/2022 10:58 PM, Edited by AB - 24/Feb/2022 2:23 AM

AB added a comment - 23/Feb/2022 10:58 PM - edited A fix for this issue has been published for 8.20.x in version 8.20.1. The Mitre CVE record will be updated shortly.

Collapse comment: Brad Taplin added a comment - 15/Feb/2022 7:09 PM

Brad Taplin added a comment - 15/Feb/2022 7:09 PM

Concur with others: Please fix in the LTS 8.20.x. 

Expand comment: Brad Taplin added a comment - 15/Feb/2022 7:09 PM

Brad Taplin added a comment - 15/Feb/2022 7:09 PM Concur with others: Please fix in the LTS 8.20.x. 

Collapse comment: Harald Maierhofer added a comment - 20/Jan/2022 2:13 PM, Edited by Harald Maierhofer - 20/Jan/2022 2:13 PM

Harald Maierhofer added a comment - 20/Jan/2022 2:13 PM - edited

Dear support team, 
as already mentioned by a number of users above I would like to renew the question and highlight the need of a fix in the LTS branch 8.20.x.
You have released 8.20.4 some day ago, unfortunalety I cannot see any releated fix in the release note.
Sum up, is it planned?
When is the planned release date?
Thanks.

Expand comment: Harald Maierhofer added a comment - 20/Jan/2022 2:13 PM, Edited by Harald Maierhofer - 20/Jan/2022 2:13 PM

Harald Maierhofer added a comment - 20/Jan/2022 2:13 PM - edited Dear support team,  as already mentioned by a number of users above I would like to renew the question and highlight the need of a fix in the LTS branch 8.20.x. You have released 8.20.4 some day ago, unfortunalety I cannot see any releated fix in the release note. Sum up, is it planned? When is the planned release date? Thanks.

Collapse comment: Ingo Fernges added a comment - 06/Dec/2021 3:19 PM

Ingo Fernges added a comment - 06/Dec/2021 3:19 PM

Why should we use a LTS version, if there is no update for vulnerabilities? The vulnerability has been known for at least 2 months. 
When is an update for 8.20.x available? It shouldn't be a problem to backport it.

Expand comment: Ingo Fernges added a comment - 06/Dec/2021 3:19 PM

Ingo Fernges added a comment - 06/Dec/2021 3:19 PM Why should we use a LTS version, if there is no update for vulnerabilities? The vulnerability has been known for at least 2 months.  When is an update for 8.20.x available? It shouldn't be a problem to backport it.

Collapse comment: Frank Dicks added a comment - 02/Dec/2021 10:02 AM

Frank Dicks added a comment - 02/Dec/2021 10:02 AM

In our company we need the fix in the LTS version. Please fix in the LTS 8.20.x. 

Expand comment: Frank Dicks added a comment - 02/Dec/2021 10:02 AM

Frank Dicks added a comment - 02/Dec/2021 10:02 AM In our company we need the fix in the LTS version. Please fix in the LTS 8.20.x. 

Collapse comment: Kevin added a comment - 30/Nov/2021 4:27 PM

Kevin added a comment - 30/Nov/2021 4:27 PM

Will this be backported to 8.20.x LTS?

Expand comment: Kevin added a comment - 30/Nov/2021 4:27 PM

Kevin added a comment - 30/Nov/2021 4:27 PM Will this be backported to 8.20.x LTS?

Collapse comment: Russell Berry added a comment - 29/Nov/2021 1:57 PM, Edited by Russell Berry - 29/Nov/2021 2:03 PM

Russell Berry added a comment - 29/Nov/2021 1:57 PM - edited

Flagged in Qualys as QID 730261

Expand comment: Russell Berry added a comment - 29/Nov/2021 1:57 PM, Edited by Russell Berry - 29/Nov/2021 2:03 PM

Russell Berry added a comment - 29/Nov/2021 1:57 PM - edited Flagged in Qualys as QID 730261

Collapse comment: Matt Wilks added a comment - 08/Nov/2021 6:59 PM

Matt Wilks added a comment - 08/Nov/2021 6:59 PM

Please add an LTS fix.

Expand comment: Matt Wilks added a comment - 08/Nov/2021 6:59 PM

Matt Wilks added a comment - 08/Nov/2021 6:59 PM Please add an LTS fix.

Load more older comments