CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41309
https://notcve.org/view.php?id=CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario al que le es revocado el acceso a Jira Service Management exporte registros de auditoría del proyecto de Jira Service Management de otro usuario por medio de una vulnerabilidad de Autenticación Rota en el endpoint /plugins/servlet/audit/resource. Las versiones afectadas de Jira Server y Data Center son anteriores a la versión 8.19.1 • https://jira.atlassian.com/browse/JRASERVER-72803 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41312
https://notcve.org/view.php?id=CVE-2021-41312
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a un atacante remoto al que le ha sido revocado el acceso a Jira Service Management habilitar y deshabilitar Issue Collectors en proyectos de Jira Service Management por medio de una vulnerabilidad de Autenticación Inapropiada en el endpoint /secure/ViewCollectors. Las versiones afectadas son anteriores a versión 8.19.1 • https://jira.atlassian.com/browse/JRASERVER-72801 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41310
https://notcve.org/view.php?id=CVE-2021-41310
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la funcionalidad Associated Projects (/secure/admin/AssociatedProjectsForCustomField.jspa). Las versiones afectadas son anteriores a 8.5.19, desde la versión 8.6.0 anterior a 8.13.11, y desde la versión 8.14.0 anterior a 8.19.1 • https://jira.atlassian.com/browse/JRASERVER-72800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41313
https://notcve.org/view.php?id=CVE-2021-41313
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una vulnerabilidad de Autorización Impropia en el punto final /secure/admin/ConfigureBatching!default.jspa. • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41308
https://notcve.org/view.php?id=CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la configuración de la Replicación de Archivos por medio de una vulnerabilidad de Control de Acceso Rotativo en el endpoint "ReplicationSettings!default.jspa". • https://jira.atlassian.com/browse/JRASERVER-72940 • CWE-285: Improper Authorization •