Ben Taylor

**Name of the Vulnerable Software and Affected Versions** Atlassian Jira Tempo plugin version 4.10.0 **Description** A summary information disclosure issue exists, allowing authenticated users to obtain summaries of issues they do not have permission to view via the Tempo plugin. **Recommendations** For Atlassian Jira Tempo plugin version 4.10.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jira versions prior to 7.13.6 Jira versions 8.0.0 through 8.3.1 **Description** The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. **Recommendations** For Jira versions prior to 7.13.6, update to version 7.13.6 or later. For Jira versions 8.0.0 through 8.3.1, update to version 8.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Jira versions prior to 7.13.7 Jira versions 8.0.0 through 8.3.1 **Description** The issue concerns a missing permissions check in several worklog rest resources in Jira, allowing remote attackers to view worklog time information. **Recommendations** For Jira versions prior to 7.13.7, update to version 7.13.7 or later. For Jira versions 8.0.0 through 8.3.1, update to version 8.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Jira versions prior to 8.3.2 **Description** The issue concerns an incorrect authorization check in the /rest/issueNav/1/issueTable resource, allowing remote attackers to enumerate usernames. **Recommendations** For versions prior to 8.3.2, update to version 8.3.2 or later to resolve the issue.