Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.21.0, 8.13.21, 8.20.9
Affects Version/s: 8.19.0, 8.20.0
Component/s: None
Labels:

CVSS Score:
5
CVSS Severity:
Medium
CVE ID:
CVE-2021-43946

Description

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint.

The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.

Affected versions:

version < 8.13.21
8.14.0 ≤ version < 8.20.9

Fixed versions:

8.13.21
8.20.9
8.21.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

relates to: JSEC-1038 Loading...

(9 mentioned in, 1 relates to)

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 81 Start watching this issue

Dates

Created:: 30/Nov/2021 6:48 PM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 05/Jan/2022 3:40 AM