CVE-2021-41309

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.19.1

Description The issue allows a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the "/plugins/servlet/audit/resource" endpoint.

Recommendations For versions prior to 8.19.1, update to version 8.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/plugins/servlet/audit/resource" endpoint until a patch is applied.