Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.

Affected versions:

• version < 8.8.0

Fixed versions:

• 8.8.0

Workaround for Jira 8.5.x:

• version >= 8.5.12: Enable feature flag `jira.restrict.anonymous.access.to.mypermissions.rest.api.enabled`
• version < 8.5.12: Not available