CVE-2021-41308
First published: Tue Oct 26 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.6.0 | |
| Atlassian Jira Data Center | >=8.7.0<8.13.12 | |
| Atlassian Jira Server | >=8.7.0<8.13.12 | |
| Atlassian Jira Server | >=8.14.0<8.20.1 | |
| Atlassian Jira Software Data Center | <8.6.0 | |
| Atlassian Jira Software Data Center | >=8.14.0<8.20.1 | |
| <8.6.0 | ||
| >=8.7.0<8.13.12 | ||
| >=8.7.0<8.13.12 | ||
| >=8.14.0<8.20.1 | ||
| <8.6.0 | ||
| >=8.14.0<8.20.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-41308.
What is the affected software for this vulnerability?
The affected software for this vulnerability includes Atlassian Jira Server, Atlassian Jira Data Center, and Atlassian Jira Software Data Center.
What is the severity rating of CVE-2021-41308?
The severity rating of CVE-2021-41308 is medium.
How can an authenticated yet non-administrator attacker exploit this vulnerability?
An authenticated yet non-administrator attacker can exploit this vulnerability by editing the File Replication settings via the `ReplicationSettings!default.jspa` endpoint.
Which versions of the affected software are vulnerable?
Versions of Atlassian Jira Server and Data Center before version 8.6.0, as well as versions between 8.7.0 and 8.13.12 (inclusive) for Atlassian Jira Data Center and versions between 8.14.0 and 8.20.1 (inclusive) for Atlassian Jira Server are vulnerable.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.7.0
- canonical/atlassian jira server
- version/atlassian jira server/8.7.0
- version/atlassian jira server/8.14.0
- canonical/atlassian jira software data center
- version/atlassian jira software data center/8.14.0