CVE-2021-39119
First published: Wed Sep 01 2021(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.19.0 | |
| Atlassian JIRA | <8.19.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-39119.
What are the affected versions of Atlassian Jira Server and Data Center?
The affected versions of Atlassian Jira Server and Data Center are before version 8.19.0.
What is the severity of CVE-2021-39119?
The severity of CVE-2021-39119 is medium.
How does CVE-2021-39119 affect users who have watched an issue?
CVE-2021-39119 allows users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked.
Is there a fix available for CVE-2021-39119?
Yes, upgrading to version 8.19.0 or later of Atlassian Jira Server and Data Center fixes CVE-2021-39119.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/tags
- agent/source
- vendor/atlassian
- canonical/atlassian data center
- canonical/atlassian jira