← back
CVE-2021-39119

CVE-2021-39119

CVSS 5.3 MEDIUMEPSS 0.8%CWE-863
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Atlassian · Jira Data CenterAtlassian · Jira Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jira.atlassian.com/browse/JRASERVER-72737