exploitDog

CVE-2021-41311

Опубликовано: 08 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.

Ссылки

https://jira.atlassian.com/browse/JRASERVER-72802
Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-72802
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*

Версия до 8.19.1 (исключая)

EPSS

Процентиль: 41%

0.00188

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-7fxq-g996-6g8m

CVSS3: 7.5

github

около 4 лет назад

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.

EPSS

Процентиль: 41%

0.00188

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

CWE-287