Description

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Remediation

References

CVE-2021-39119

Related Vulnerabilities

IBM RTC Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2020-4544)

WordPress Plugin pipdig Power pack (p3) Backdoor (4.7.3)

Oracle Database Server CVE-2014-4293 Vulnerability (CVE-2014-4293)

WordPress Plugin BestSmallShopLite Cross-Site Scripting (1.0.1)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3470)

Severity

Medium

Classification

CVE-2021-39119 CWE-287

Tags

Missing Update Known Vulnerabilities