Description
An improper authorization vulnerability in Atlassian Jira Server and Data Center before version 8.6.0 allowed a System Administrator user to download support zip files without being required to re-enter their password.
Remediation
References