Hi @Sasi Venugopal , welcome to the Community!
For this particular vulnerability, the severity is not based on an assumption of network access. Due to the way the unicode bidirectional characters are handled in various systems, including Jira before the patch, it would be possible for someone to trick a user into copying malicious code into a system.
Consider this scenario:
In this short example, hidden characters could be included in the source even though Jira is behind a firewall. The fix changes the way Jira renders these characters so that they become visible.
Does this help answer your question?
Daniel | Atlassian Community
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event