The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72272 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-01T03:10:12.032285Z
Updated: 2024-09-16T19:24:29.543Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36286
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-01T03:15:13.960
Modified: 2024-11-21T05:29:12.890
Link: CVE-2020-36286
Redhat
No data.