CVE-2021-41306

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.12 Atlassian Jira Server and Data Center versions 8.14.0 through 8.19.9

Description The issue allows anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget.

Recommendations For versions prior to 8.13.12, update to version 8.13.12 or later. For versions 8.14.0 through 8.19.9, update to version 8.20.0 or later. As a temporary workaround, consider restricting access to the Average Time in Status Gadget until a patch is available.