Description
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.
Remediation
References
Related Vulnerabilities
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)
PHP Other Vulnerability (CVE-2007-0909)
MySQL CVE-2019-2683 Vulnerability (CVE-2019-2683)
WordPress Plugin Event Registration 'id' Parameter SQL Injection (5.43)
WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (1.2.0)