PT-2018-8512 · Atlassian · Activity Streams, Confluence, Jira
Published 2018-01-29 · Updated 2019-10-09
CVE-2017-9513 · CVSS v2.0 5.5 (Medium)
CVSS v2.0 vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Atlassian Activity Streams versions prior to 6.3.0
Description
The issue allows remote authenticated attackers to bypass permission checks: they can watch any Confluence page, including pages they are not permitted to view, and then receive notifications when comments are added to it. They can also vote on and watch Jira issues they do not have access to, although in the Jira case they do not receive notifications for the issue.
Recommendations
For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. Until the update is applied, note that the bypass ignores page- and issue-level permission checks, so restricting access to sensitive Confluence pages and Jira issues reduces exposure only insofar as it narrows who can authenticate to the instance; in addition, review sensitive pages and issues for watchers and voters who do not hold view permission, since such entries are the observable trace of exploitation.
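The following is an added illustration and is not Atlassian's code or the Activity Streams implementation. It is a toy Python model of a Confluence page or Jira issue with an explicit viewer list, showing the watch and vote actions without the view-permission check (the pre-6.3.0 behaviour described above) beside a hardened form that enforces it, the comment-notification fan-out that makes the bypass an information leak, and an audit helper of the kind the recommendation above calls for. All names (`Content`, `watch_vulnerable`, `watch_fixed`, `audit`, the users and key `HR-42`) and the sample data are constructed for the example; the audit additionally assumes that upgrading stops new bypasses but does not itself remove watchers or voters added earlier, which this page does not state.

```python
from __future__ import annotations
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a user acts on content they are not allowed to view."""


@dataclass
class Content:
    """A Confluence page or Jira issue with an explicit list of viewers.
    Toy model: real Atlassian permission schemes are far richer."""
    key: str
    viewers: set[str]
    watchers: set[str] = field(default_factory=set)
    voters: set[str] = field(default_factory=set)
    comments: list[str] = field(default_factory=list)


def can_view(item: Content, user: str) -> bool:
    return user in item.viewers


def watch_vulnerable(item: Content, user: str) -> None:
    """Behaviour described for Activity Streams before 6.3.0: the request
    is authenticated, but nothing checks that the user may view the item."""
    item.watchers.add(user)


def vote_vulnerable(item: Content, user: str) -> None:
    """Same missing check on the Jira vote action."""
    item.voters.add(user)


def watch_fixed(item: Content, user: str) -> None:
    """Hardened form: the authorization check sits on the action itself,
    not only on the page from which the watch link was rendered."""
    if not can_view(item, user):
        raise PermissionDenied(f"{user} may not view {item.key}")
    item.watchers.add(user)


def vote_fixed(item: Content, user: str) -> None:
    if not can_view(item, user):
        raise PermissionDenied(f"{user} may not view {item.key}")
    item.voters.add(user)


def add_comment(item: Content, author: str, text: str) -> dict[str, str]:
    """Store a comment and fan out a notification to every watcher.
    Returns {watcher: notification body} so the leak is observable.
    Voters deliberately get nothing: the page states that voting on an
    inaccessible Jira issue yields no notifications."""
    if not can_view(item, author):
        raise PermissionDenied(f"{author} may not comment on {item.key}")
    item.comments.append(text)
    body = f"{author} commented on {item.key}: {text}"
    return {watcher: body for watcher in item.watchers}


def audit(items: list[Content]) -> list[tuple[str, str, str]]:
    """Cleanup check after upgrading: list (key, user, relation) for every
    watcher or voter who cannot view the item. Assumes (not stated on the
    page) that the upgrade does not remove entries added earlier."""
    findings: list[tuple[str, str, str]] = []
    for item in items:
        findings += [(item.key, u, "watcher") for u in sorted(item.watchers - item.viewers)]
        findings += [(item.key, u, "voter") for u in sorted(item.voters - item.viewers)]
    return findings


def demo() -> dict:
    """Constructed scenario: 'mallory' is authenticated but not a viewer of HR-42."""
    before = Content("HR-42", viewers={"alice", "bob"})
    watch_vulnerable(before, "mallory")          # succeeds: no permission check
    vote_vulnerable(before, "mallory")
    notified = add_comment(before, "alice", "salary review attached")

    after = Content("HR-42", viewers={"alice", "bob"})
    try:
        watch_fixed(after, "mallory")
        blocked = False
    except PermissionDenied:
        blocked = True

    return {
        "mallory_notified": "mallory" in notified,   # True: comment text leaked
        "blocked_after_fix": blocked,                # True
        "audit": audit([before, after]),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the two `watch` variants is where the check lives: the vulnerable one trusts that the caller could only have reached the action from a page they were allowed to see, whereas the fixed one re-checks view permission on the action itself, which is the general cure for this weakness class.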
Fix
Update Atlassian Activity Streams to version 6.3.0 or later.
Weakness Types
Improper Access Control (CWE-284)
Missing Authorization (CWE-862)
Related Identifiers
CVE-2017-9513
Affected Products
Activity Streams
Confluence
Jira