-
Public Security Vulnerability
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.5.0, 8.13.0
-
4.3
-
Medium
-
CVE-2021-41313
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.7.
Affected versions:
- version < 8.20.7
Fixed versions:
- 8.20.7
- 8.21.0
The description of this issue incorrectly stated that the fix for 8.20.x was published in version 8.20.1. This was incorrect and should be version 8.20.7. I've now updated the description to the correct version.
The Mitre CVE record will be updated shortly.