Auth bypass in Atlassian Jira Data Center

CVE-2021-41313

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jsp…

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Data Center — versions unspecified
Atlassian Jira Server — versions unspecified

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

jira.atlassian.com/browse/JRASERVER-72898