Description
An improper authorization vulnerability in Atlassian Jira Server and Data Center before version 8.6.0 allowed a System Administrator user to download support zip files without being required to re-enter their password.
Remediation
References