Description
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.
Remediation
References