Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.

Remediation

References

CVE-2021-39113

Related Vulnerabilities

Magento Deserialization of Untrusted Data Vulnerability (CVE-2019-8141)

WebLogic CVE-2021-1995 Vulnerability (CVE-2021-1995)

WordPress Missing Authentication for Critical Function Vulnerability (CVE-2020-11028)

Oracle Database Server CVE-2014-4245 Vulnerability (CVE-2014-4245)

WordPress Plugin Wp-Pro-Quiz Cross-Site Request Forgery (0.37)

Severity

High

Classification

CVE-2021-39113 CWE-613

Tags

Missing Update Known Vulnerabilities