Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-72737 | Third Party Advisory |
History
No history.
Information
Published : 2021-09-01 23:15
Updated : 2024-10-11 21:35
NVD link : CVE-2021-39119
Mitre link : CVE-2021-39119
CVE.ORG link : CVE-2021-39119
Products Affected
atlassian
- data_center
- jira
CWE
CWE-863
Incorrect Authorization