Description
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
Remediation
References
Related Vulnerabilities
WordPress Plugin RSVPMaker SQL Injection (7.8.1)
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)
WordPress Plugin Total Sales For Woocommerce Cross-Site Scripting (1.1)
WordPress Plugin Easy Banners Cross-Site Scripting (1.4)
WordPress Plugin Nofollow for external link Multiple Unspecified Vulnerabilities (1.1.2)