
Julian Frey

Researcher from usd AG
#50828 of 53,632
4.3 Total CVSS
Vulnerabilities · 1
PT-2019-13930
4.3
2019-11-08
Atlassian · Jira · CVE-2019-15005
**Name of the Vulnerable Software and Affected Versions**

- Atlassian Troubleshooting and Support Tools plugin versions prior to 1.17.2
- Bitbucket Server / Data Center versions prior to 6.6.0
- Confluence Server / Data Center versions prior to 7.0.1
- Jira Server / Data Center versions prior to 8.3.2
- Crowd / Crowd Data Center versions prior to 3.6.0
- Fisheye versions prior to 4.7.2
- Crucible versions prior to 4.7.2
- Bamboo versions prior to 6.10.2

**Description**

The issue allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

**Recommendations**

- Update the Atlassian Troubleshooting and Support Tools plugin to version 1.17.2 or later.
- Update Bitbucket Server / Data Center to version 6.6.0 or later.
- Update Confluence Server / Data Center to version 7.0.1 or later.
- Update Jira Server / Data Center to version 8.3.2 or later.
- Update Crowd / Crowd Data Center to version 3.6.0 or later.
- Update Fisheye to version 4.7.2 or later.
- Update Crucible to version 4.7.2 or later.
- Update Bamboo to version 6.10.2 or later.