Security Vulnerabilities
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-22
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-22
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-10-22
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
CVSS Score
4.1
EPSS Score
0.001
Published
2025-10-22