-
Bug
-
Resolution: Fixed
-
Low
-
7.13.11
-
7.13
-
Severity 3 - Minor
-
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.
Affected versions:
- version < 8.8.0
Fixed versions:
- 8.8.0
Workaround for Jira 8.5.x:
- version >= 8.5.12: Enable feature flag `jira.restrict.anonymous.access.to.mypermissions.rest.api.enabled`
- version < 8.5.12: Not available