diff --git a/2021/41xxx/CVE-2021-41304.json b/2021/41xxx/CVE-2021-41304.json index 586b761131c..55698a80c36 100644 --- a/2021/41xxx/CVE-2021-41304.json +++ b/2021/41xxx/CVE-2021-41304.json @@ -1,88 +1,91 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-10-25T00:00:00", - "ID": "CVE-2021-41304", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.1", - "version_affected": "<" - } - ] - } - },{ - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-25T00:00:00", + "ID": "CVE-2021-41304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72939" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72939", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72939" + } + ] + } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41305.json b/2021/41xxx/CVE-2021-41305.json index 1986d614134..e2456f69531 100644 --- a/2021/41xxx/CVE-2021-41305.json +++ b/2021/41xxx/CVE-2021-41305.json @@ -1,72 +1,75 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-10-25T00:00:00", - "ID": "CVE-2021-41305", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - } - ] - } - },{ - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Insecure Direct Object References (IDOR)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-25T00:00:00", + "ID": "CVE-2021-41305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72813" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object References (IDOR)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72813", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72813" + } + ] + } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41306.json b/2021/41xxx/CVE-2021-41306.json index fb82092d587..53ec30ff5ff 100644 --- a/2021/41xxx/CVE-2021-41306.json +++ b/2021/41xxx/CVE-2021-41306.json @@ -1,88 +1,91 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-10-25T00:00:00", - "ID": "CVE-2021-41306", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.0", - "version_affected": "<" - } - ] - } - },{ - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Insecure Direct Object References (IDOR)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-25T00:00:00", + "ID": "CVE-2021-41306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72915" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object References (IDOR)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72915", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72915" + } + ] + } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41307.json b/2021/41xxx/CVE-2021-41307.json index 1fe032317af..8269bf0718d 100644 --- a/2021/41xxx/CVE-2021-41307.json +++ b/2021/41xxx/CVE-2021-41307.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-10-25T00:00:00", - "ID": "CVE-2021-41307", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Insecure Direct Object References (IDOR)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-25T00:00:00", + "ID": "CVE-2021-41307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72916" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object References (IDOR)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72916", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72916" + } + ] + } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41308.json b/2021/41xxx/CVE-2021-41308.json index 8c7f84ee26a..26654f12af7 100644 --- a/2021/41xxx/CVE-2021-41308.json +++ b/2021/41xxx/CVE-2021-41308.json @@ -1,104 +1,107 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-10-25T00:00:00", - "ID": "CVE-2021-41308", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.6.0", - "version_affected": "<" - }, - { - "version_value": "8.7.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.1", - "version_affected": "<" - } - ] - } - },{ - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "8.6.0", - "version_affected": "<" - }, - { - "version_value": "8.7.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.12", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.20.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Authorization (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-25T00:00:00", + "ID": "CVE-2021-41308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + }, + { + "version_value": "8.7.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + }, + { + "version_value": "8.7.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.12", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.20.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72940" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72940", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72940" + } + ] + } } \ No newline at end of file