CVE-2021-39127

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.5.10 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.1

Description The issue allows anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control vulnerability. This vulnerability enables attackers to exploit the JQL endpoint.

Recommendations For versions prior to 8.5.10, update to version 8.5.10 or later. For versions 8.6.0 through 8.13.1, update to version 8.13.1 or later. As a temporary workaround, consider restricting access to the JQL endpoint until a patch is available.