The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-04-01T03:10:12.032285Z

Updated: 2024-09-16T19:24:29.543Z

Reserved: 2021-03-31T00:00:00

Link: CVE-2020-36286

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-01T03:15:13.960

Modified: 2024-11-21T05:29:12.890

Link: CVE-2020-36286

cve-icon Redhat

No data.