Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-71559 | Issue Tracking, Permissions Required, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2021-05-12T00:00:00
Updated: 2021-05-12T03:30:12
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36289
NVD Information
Status: Analyzed
Published: 2021-05-12T04:15:07.267
Modified: 2022-06-28T14:11:45.273
Link: CVE-2020-36289
Redhat Information
No data.
CWE