Atlassian: >> Activity Streams Security Vulnerabilities
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-01-29