CVE-2021-41309
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.
Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario al que le es revocado el acceso a Jira Service Management exporte registros de auditoría del proyecto de Jira Service Management de otro usuario por medio de una vulnerabilidad de Autenticación Rota en el endpoint /plugins/servlet/audit/resource. Las versiones afectadas de Jira Server y Data Center son anteriores a la versión 8.19.1
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2021-09-16 CVE Reserved
- 2021-12-08 CVE Published
- 2024-07-12 EPSS Updated
- 2024-10-10 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jira.atlassian.com/browse/JRASERVER-72803 | 2021-12-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Atlassian Search vendor "Atlassian" | Jira Software Data Center Search vendor "Atlassian" for product "Jira Software Data Center" | < 8.19.1 Search vendor "Atlassian" for product "Jira Software Data Center" and version " < 8.19.1" | - |
Affected
|