Description

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Remediation

References

CVE-2021-39119

Related Vulnerabilities

Joomla Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

WordPress Plugin YITH Desktop Notifications for WooCommerce Security Bypass (1.2.7)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)

WordPress Plugin Walk Score Multiple Cross-Site Scripting Vulnerabilities (0.5.5)

Severity

Medium

Classification

CVE-2021-39119 CWE-287

Tags

Missing Update Known Vulnerabilities