The host is installed with Atlassian Jira Server before 8.13.9, or 8.14.0 before 8.18.0 and is prone to a broken access control vulnerability. A flaw is present in the application which fails to properly handle the allowlist feature. Successful exploitation could allow remote attackers to continue to view cached content even after losing permissions.