Description
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.
Remediation
References