PT-2018-8512 · Atlassian · Jira+2

Published: 2018-01-29 · Updated: 2019-10-09 · CVE-2017-9513

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Atlassian Activity Streams versions prior to 6.3.0

Description: The issue allows remote authenticated attackers to bypass permission checks, enabling them to watch any Confluence page and receive notifications when comments are added. They can also vote and watch JIRA issues they do not have access to, although they will not receive notifications for the issue.

Recommendations: For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive Confluence pages and JIRA issues to minimize the risk of exploitation.

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2017-9513

Affected Products

Activity Streams
Confluence
Jira