...
The vulnerability was identified in 2.7.38-AC and lower earlier versions of the Recurring Tasks developed by us. The vulnerability means that if the Jira administrator allows anonymous users access to one of Jira projects then anonymous users may create and modify other users' recurring tasks in certain situations.
...