Description
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)
WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)
Oracle JRE CVE-2019-2999 Vulnerability (CVE-2019-2999)
Envoy Proxy CVE-2023-27488 Vulnerability (CVE-2023-27488)
Oracle Database Server CVE-2020-2968 Vulnerability (CVE-2020-2968)