First published: Wed Dec 08 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Jira Software Data Center | <8.19.1 | Upgrade to 8.19.1 or later |
The vulnerability ID for this vulnerability is CVE-2021-41309.
The severity level of CVE-2021-41309 is medium with a CVSS score of 5.3.
Affected versions are Atlassian Jira Server and Data Center (including Jira Software Data Center) before version 8.19.1.
This vulnerability allows a user with revoked Jira Service Management access to export audit logs of another user's Jira Service Management project through a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint.
Atlassian has released a fix for this vulnerability; upgrade to a fixed version (8.19.1 or later) of Atlassian Jira Server or Data Center.
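As an added example (not from the advisory or from Atlassian), a small Python triage helper that applies the two facts above: versions before 8.19.1 are affected, and the endpoint to review in access logs is /plugins/servlet/audit/resource. The access-log format, client addresses and usernames are constructed assumptions for the example.

```python
"""Defender-side triage for CVE-2021-41309 (added example, not Atlassian's code).
is_affected(): is a Jira Server/Data Center version before the fixed 8.19.1?
find_audit_exports(): which log lines show /plugins/servlet/audit/resource being
fetched by accounts whose Jira Service Management access was revoked.
Log format and usernames below are constructed for the example, not Jira's own."""
import re

FIXED_VERSION = (8, 19, 1)  # first fixed version per the advisory
AUDIT_ENDPOINT = "/plugins/servlet/audit/resource"


def parse_version(version: str) -> tuple:
    """Turn '8.19.0' or '8.13.12' into a comparable (major, minor, patch) tuple."""
    match = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not match:
        raise ValueError(f"unrecognised Jira version: {version!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True when the version is before 8.19.1, the range the advisory lists as affected."""
    return parse_version(version) < FIXED_VERSION


# Constructed sample access log: "<client> <user> <method> <path> <status>".
SAMPLE_LOG = """\
10.0.0.5 alice GET /browse/SD-1 200
10.0.0.9 mallory GET /plugins/servlet/audit/resource 200
10.0.0.5 alice GET /plugins/servlet/audit/resource 200
10.0.0.9 mallory GET /browse/SD-2 403
"""


def find_audit_exports(log_text: str, revoked_users: set) -> list:
    """Return (user, path) for successful audit-export requests by revoked accounts.
    On an unpatched instance such a hit matches what the advisory describes."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        _client, user, _method, path, status = fields
        if path.startswith(AUDIT_ENDPOINT) and user in revoked_users and status == "200":
            hits.append((user, path))
    return hits
```

Feed `find_audit_exports` your real access log and the set of accounts whose Jira Service Management access was revoked; any hit on an instance still below 8.19.1 deserves an incident review alongside the upgrade.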