CVE-2021-41311

Vendor: Atlassian
Product: Jira Server
Weakness: CWE-287 · Improper authentication
Published: December 8, 2021
Last update: October 10, 2024

CVSS base score

What the vulnerability does

01 Description

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.

Key dates

02 Disclosure timeline

December 8, 2021: CVE published
October 10, 2024: Record updated