CVE-2021-43946
First published: Wed Jan 05 2022(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Data Center | <8.13.21 | |
| Atlassian Jira Data Center | >=8.14.0<8.20.9 | |
| Atlassian Jira Server | <8.13.21 | |
| Atlassian Jira Server | >=8.14.0<8.20.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Atlassian Jira Server and Data Center vulnerability?
The vulnerability ID for this Atlassian Jira Server and Data Center vulnerability is CVE-2021-43946.
What is the severity of CVE-2021-43946?
The severity of CVE-2021-43946 is medium with a CVSS score of 6.5.
How can authenticated remote attackers exploit CVE-2021-43946?
Authenticated remote attackers can exploit CVE-2021-43946 by adding administrator groups to filter subscriptions via the /secure/EditSubscription.jspa endpoint.
Which versions of Atlassian Jira Server and Data Center are affected by CVE-2021-43946?
Versions before 8.13.21 and from 8.14.0 to 8.20.9 of Atlassian Jira Server and Data Center are affected by CVE-2021-43946.
Is there a fix available for CVE-2021-43946?
Yes, the fix for CVE-2021-43946 is to upgrade to version 8.13.21 or higher for versions before 8.14.0, or to upgrade to version 8.20.9 or higher for versions between 8.14.0 and 8.20.9.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian jira data center
- version/atlassian jira data center/8.14.0
- canonical/atlassian jira server
- version/atlassian jira server/8.14.0