CVE-2021-39119

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.

Published: Sep 2, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-39119
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
atlassian / data_center	-	8.19.0
atlassian / jira	-	8.19.0

https://jira.atlassian.com/browse/JRASERVER-72737

Vulnerability Database

290,020

CVE-2021-39119