CVE-2021-39119

Published: Sep 1, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Affected (2)

Products: Atlassian: Data Center, Jira

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Atlassian Data Center	Before 8.19.0
Atlassian Jira	Before 8.19.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://jira.atlassian.com/browse/JRASERVER-72737

Source: security@atlassian.com

Third Party Advisory

https://jira.atlassian.com/browse/JRASERVER-72737

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.