N/A

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.

N/A

N/A

Atlassian Jira 安全漏洞

Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira Server 和 Data Center 存在安全漏洞，该漏洞源于/secure/EditSubscription.jspa存在中断访问控制漏洞，允许经过身份验证的远程攻击者添加管理员组来过滤订阅。

N/A

N/A