The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72258 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-09T02:00:14.081639Z
Updated: 2024-09-16T16:39:12.728Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36287
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-09T02:15:12.960
Modified: 2024-11-21T05:29:13.030
Link: CVE-2020-36287
Redhat
No data.