CVE-2021-41308 (GCVE-0-2021-41308)
Vulnerability from cvelistv5 – Published: 2021-10-26 04:15 – Updated: 2024-10-09 19:23
VLAI?
Summary
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization (CWE-285)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Atlassian | Jira Server |
Affected:
unspecified , < 8.6.0
(custom)
Affected: 8.7.0 , < unspecified (custom) Affected: unspecified , < 8.13.12 (custom) Affected: 8.14.0 , < unspecified (custom) Affected: unspecified , < 8.20.1 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-72940"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:23:07.362491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:23:22.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
},
{
"lessThan": "8.13.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.20.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
},
{
"lessThan": "8.13.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.20.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-26T04:15:22",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-72940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-41308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.6.0"
},
{
"version_affected": "\u003e=",
"version_value": "8.7.0"
},
{
"version_affected": "\u003c",
"version_value": "8.13.12"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.20.1"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.6.0"
},
{
"version_affected": "\u003e=",
"version_value": "8.7.0"
},
{
"version_affected": "\u003c",
"version_value": "8.13.12"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.20.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-72940",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/JRASERVER-72940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2021-41308",
"datePublished": "2021-10-26T04:15:22.911855Z",
"dateReserved": "2021-09-16T00:00:00",
"dateUpdated": "2024-10-09T19:23:22.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.6.0\", \"matchCriteriaId\": \"D3F0ABD5-1124-4508-8F66-18F27B041CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0\", \"versionEndExcluding\": \"8.13.12\", \"matchCriteriaId\": \"7429FCC4-C94E-4757-BCF1-BE73814F247D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0\", \"versionEndExcluding\": \"8.13.12\", \"matchCriteriaId\": \"9B23960C-64BE-419D-855F-2F8EAB17327D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.14.0\", \"versionEndExcluding\": \"8.20.1\", \"matchCriteriaId\": \"3F1DF517-D59D-4BB7-98E5-83AC2D1A24E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.6.0\", \"matchCriteriaId\": \"A15DCC83-66F0-4495-AF87-3EBA4A295E2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.14.0\", \"versionEndExcluding\": \"8.20.1\", \"matchCriteriaId\": \"CB294011-AB4E-4BC6-AB35-7E54C33B237C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.\"}, {\"lang\": \"es\", \"value\": \"Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la configuraci\\u00f3n de la Replicaci\\u00f3n de Archivos por medio de una vulnerabilidad de Control de Acceso Rotativo en el endpoint \\\"ReplicationSettings!default.jspa\\\". Las versiones afectadas son anteriores a la versi\\u00f3n 8.6.0, desde la versi\\u00f3n 8.7.0 anteriores a 8.13.12, y desde la versi\\u00f3n 8.14.0 antes de la 8.20.1\"}]",
"id": "CVE-2021-41308",
"lastModified": "2024-11-21T06:26:01.140",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-10-26T05:15:07.477",
"references": "[{\"url\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@atlassian.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-285\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-41308\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2021-10-26T05:15:07.477\",\"lastModified\":\"2024-11-21T06:26:01.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.\"},{\"lang\":\"es\",\"value\":\"Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la configuraci\u00f3n de la Replicaci\u00f3n de Archivos por medio de una vulnerabilidad de Control de Acceso Rotativo en el endpoint \\\"ReplicationSettings!default.jspa\\\". Las versiones afectadas son anteriores a la versi\u00f3n 8.6.0, desde la versi\u00f3n 8.7.0 anteriores a 8.13.12, y desde la versi\u00f3n 8.14.0 antes de la 8.20.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@atlassian.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.6.0\",\"matchCriteriaId\":\"D3F0ABD5-1124-4508-8F66-18F27B041CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndExcluding\":\"8.13.12\",\"matchCriteriaId\":\"7429FCC4-C94E-4757-BCF1-BE73814F247D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndExcluding\":\"8.13.12\",\"matchCriteriaId\":\"9B23960C-64BE-419D-855F-2F8EAB17327D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.14.0\",\"versionEndExcluding\":\"8.20.1\",\"matchCriteriaId\":\"3F1DF517-D59D-4BB7-98E5-83AC2D1A24E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.6.0\",\"matchCriteriaId\":\"A15DCC83-66F0-4495-AF87-3EBA4A295E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.14.0\",\"versionEndExcluding\":\"8.20.1\",\"matchCriteriaId\":\"CB294011-AB4E-4BC6-AB35-7E54C33B237C\"}]}]}],\"references\":[{\"url\":\"https://jira.atlassian.com/browse/JRASERVER-72940\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/JRASERVER-72940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T03:08:31.936Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-41308\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T19:23:07.362491Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T19:23:16.975Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Jira Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.6.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.7.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.13.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.20.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.6.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.7.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.13.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.20.1\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2021-10-25T00:00:00\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"Improper Authorization (CWE-285)\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2021-10-26T04:15:22\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"8.6.0\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.7.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.13.12\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.20.1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"8.6.0\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.7.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.13.12\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.20.1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Data Center\"}]}, \"vendor_name\": \"Atlassian\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"name\": \"https://jira.atlassian.com/browse/JRASERVER-72940\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Improper Authorization (CWE-285)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-41308\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@atlassian.com\", \"DATE_PUBLIC\": \"2021-10-25T00:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-41308\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T19:23:22.782Z\", \"dateReserved\": \"2021-09-16T00:00:00\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2021-10-26T04:15:22.911855Z\", \"assignerShortName\": \"atlassian\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…