Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-72737 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2021-08-30T00:00:00
Updated: 2021-09-01T22:50:08
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39119
NVD Information
Status: Analyzed
Published: 2021-09-01T23:15:07.480
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-39119
Redhat Information
No data.
CWE