Atlassian · Jira · CVE-2017-18104
Name of the Vulnerable Software and Affected Versions:
Atlassian Jira versions prior to 7.6.7
Atlassian Jira versions 7.7.0 through 7.10.x
Description:
The issue allows remote attackers who can observe or intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
Recommendations:
For versions prior to 7.6.7, update to version 7.6.7 or later.
For versions 7.7.0 through 7.10.x, update to version 7.11.0 or later.
As a temporary workaround, consider restricting access to webhook events to minimize the risk of exploitation.