The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2018-08-28T13:00:00Z
Updated: 2024-09-17T04:18:49.143Z
Reserved: 2018-07-06T00:00:00
Link: CVE-2018-13391
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-08-28T12:29:00.230
Modified: 2024-11-21T03:47:00.780
Link: CVE-2018-13391
Redhat
No data.