CVE-2021-41312

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.19.1

Description The issue allows a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the "/secure/ViewCollectors" endpoint.

Recommendations For versions prior to 8.19.1, update to version 8.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/secure/ViewCollectors" endpoint until a patch is applied.