This ticket is to request backporting fix from JRASERVER-73593 into 8.20.x LTS version

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected LTS version ...