Description
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.
Remediation
References