- Public Security Vulnerability
- Resolution: Fixed
- Low
- 8.5.0, 8.13.0
- 4.3
- Medium
- CVE-2021-41313
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.7.
Affected versions:
- version < 8.20.7
Fixed versions:
- 8.20.7
- 8.21.0
[JRASERVER-72898] Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313
Remote Link | New: This issue links to "Page (Confluence)" [ 733515 ] |
Component/s | New: Security [ 68109 ] |
Labels | Original: CVE-2021-41313 advisory advisory-to-release dont-import security | New: CVE-2021-41313 advisory advisory-released dont-import security |
Status | Original: Published [ 12873 ] | New: Published [ 12873 ] |
Description |
Original:
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.1.
Affected versions:
- version < 8.20.1
Fixed versions:
- 8.20.1
- 8.21.0
New:
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.7.
Affected versions:
- version < 8.20.7
Fixed versions:
- 8.20.7
- 8.21.0
Fix Version/s | Original: 8.20.1 [ 97808 ] |
Fix Version/s | Original: 8.21.0 [ 97591 ] |
Fix Version/s | New: 8.13.19 [ 99492 ] |
Fix Version/s | New: 8.20.7 [ 99493 ] |
Fix Version/s | New: 8.22.1 [ 99792 ] |
Description |
Original:
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.0.
Affected versions:
- version < 8.20.0
Fixed versions:
- 8.20.0
- 8.21.0
New:
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint.
The affected versions are before version 8.20.1.
Affected versions:
- version < 8.20.1
Fixed versions:
- 8.20.1
- 8.21.0
Fix Version/s | Original: 8.20.0 [ 95692 ] |
Fix Version/s | New: 8.20.1 [ 97808 ] |
The description of this issue incorrectly stated that the fix for 8.20.x was published in version 8.20.1. This was incorrect and should be version 8.20.7. I've now updated the description to the correct version.
The Mitre CVE record will be updated shortly.