Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action.