Auth bypass in Atlassian Jira Data Center

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa`…

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Data Center — versions unspecified, 8.7.0, 8.14.0
Atlassian Jira Server — versions unspecified, 8.7.0, 8.14.0

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

jira.atlassian.com/browse/JRASERVER-72940 (x_refsource_MISC)