CVE-2021-39119

5.3MEDIUM

Key Information

Vendor: Atlassian
Status: Jira Server; Jira Data Center
Vendor: CVE Published:; 1 September 2021

Summary

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Affected Version(s)

Jira Server < 8.19.0

Jira Data Center < 8.19.0

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 1, 2021
Vulnerability Reserved.
Aug 16, 2021

Collectors

NVD DatabaseMitre Database