Description

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Remediation

References

CVE-2021-39119

Related Vulnerabilities

WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)

WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124)

WordPress Plugin ShortPixel Adaptive Images-WebP, AVIF, CDN, Image Optimization Cross-Site Scripting (3.6.2)

Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816)

Severity

Medium

Classification

CVE-2021-39119 CWE-287

Tags

Missing Update Known Vulnerabilities