← volver
CVE-2021-41311

CVE-2021-41311

CVSS 7.5 HIGHEPSS 0.8%CWE-287
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 dic 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Productos afectados
Atlassian · Jira Data CenterAtlassian · Jira Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://jira.atlassian.com/browse/JRASERVER-72802