The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72249 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-01T00:00:00
Updated: 2021-04-01T02:30:13
Reserved: 2021-01-27T00:00:00
Link: CVE-2020-36238
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-01T03:15:13.820
Modified: 2022-09-20T19:28:41.483
Link: CVE-2020-36238
JSON object: View
Redhat Information
No data.