Description
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
Remediation
References