- Public Security Vulnerability
- Resolution: Fixed
- Low
- 8.21.0, 8.20.5
- None
- 3
- Low
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to change the Base URL of a Jira instance via a Broken Access Control vulnerability in the /rest/api/2/settings/baseUrl endpoint.
The affected versions are before version 8.13.18, from version 8.14.0 before 8.20.6, and from version 8.21.0 before 8.22.0.
Affected versions:
- version < 8.13.18
- 8.14.0 ≤ version < 8.20.6
- 8.21.0 ≤ version < 8.22.0
Fixed versions:
- 8.13.18
- 8.20.6
- 8.22.0
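To check an inventory of Jira versions against the ranges above, the following added example (not Atlassian's code; the function names `parse_version`, `fixed_in` and `is_affected` are hypothetical) compares versions numerically, so that a release such as 8.20.10 is not misread as older than 8.20.6. It assumes plain `X.Y` or `X.Y.Z` version strings.

```python
import re

# Ranges taken from the advisory: (first affected, first fixed).
# The lower bound is inclusive, the fixed version is exclusive.
AFFECTED_RANGES = [
    ((0, 0, 0), (8, 13, 18)),    # version < 8.13.18
    ((8, 14, 0), (8, 20, 6)),    # 8.14.0 <= version < 8.20.6
    ((8, 21, 0), (8, 22, 0)),    # 8.21.0 <= version < 8.22.0
]


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; anything else is rejected."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_in(text):
    """Return the fixed version that closes the range containing `text`,
    or None when the version is outside every affected range."""
    v = parse_version(text)
    for low, fixed in AFFECTED_RANGES:
        # Tuple comparison is numeric per component: (8, 20, 10) > (8, 20, 6),
        # whereas the strings "8.20.10" < "8.20.6" would compare the wrong way.
        if low <= v < fixed:
            return ".".join(map(str, fixed))
    return None


def is_affected(text):
    return fixed_in(text) is not None


if __name__ == "__main__":
    # Constructed sample inventory, for illustration only.
    for version in ["8.13.2", "8.13.18", "8.20.5", "8.20.10", "8.21.0", "8.22.0"]:
        target = fixed_in(version)
        status = f"affected, fixed in {target}" if target else "not affected"
        print(f"{version:>8}  {status}")
```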