The host is installed with Atlassian Jira Server before 7.13.12, 8.0.0 before 8.4.3, 8.5.0 before 8.5.2 and is prone to an improper authorization vulnerability. A flaw is present in the application which fails to properly handle issues in the WorkflowResource class removeStatus method. Successful exploitation allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.