The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72258 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-09T00:00:00
Updated: 2021-04-09T02:00:13
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36287
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-09T02:15:12.960
Modified: 2022-09-20T19:28:33.500
Link: CVE-2020-36287
JSON object: View
Redhat Information
No data.