CVE-2020-36289 - Vulnerability Details

Vendors	Products
Atlassian	Data Center Jira Jira Data Center Jira Server

Link	Providers
https://jira.atlassian.com/browse/JRASERVER-71559

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Jira Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.5.13", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"lessThan": "8.13.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.15.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.5.13", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"lessThan": "8.13.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.15.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-12T03:30:12", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-71559"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-05-12T00:00:00", "ID": "CVE-2020-36289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.5.13"}, {"version_affected": ">=", "version_value": "8.6.0"}, {"version_affected": "<", "version_value": "8.13.5"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.15.1"}]}}, {"product_name": "Jira Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.5.13"}, {"version_affected": ">=", "version_value": "8.6.0"}, {"version_affected": "<", "version_value": "8.13.5"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.15.1"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-71559", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-71559"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.943Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-71559"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "affected": [{"vendor": "atlassian", "product": "jira_data_center", "cpes": ["cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.5.15", "versionType": "custom"}, {"version": "8.6.0", "status": "affected", "lessThan": "8.13.7", "versionType": "custom"}, {"version": "8.14.0", "status": "affected", "lessThan": "8.17.0", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_server", "cpes": ["cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.5.15", "versionType": "custom"}, {"version": "8.6.0", "status": "affected", "lessThan": "8.13.7", "versionType": "custom"}, {"version": "8.14.0", "status": "affected", "lessThan": "8.17.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T14:13:49.870839Z", "id": "CVE-2020-36289", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:27:07.580Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2020-36289", "datePublished": "2021-05-12T03:30:12.264687Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-10-17T14:27:07.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Jira Server (string)

vendor : Atlassian (string)

versions : [ »

0 : { »

lessThan : 8.5.13 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : unspecified (string)

status : affected (string)

version : 8.6.0 (string)

versionType : custom (string)

}

2 : { »

lessThan : 8.13.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

3 : { »

lessThan : unspecified (string)

status : affected (string)

version : 8.14.0 (string)

versionType : custom (string)

}

4 : { »

lessThan : 8.15.1 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : Jira Data Center (string)

vendor : Atlassian (string)

versions : [ »

0 : { »

lessThan : 8.5.13 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : unspecified (string)

status : affected (string)

version : 8.6.0 (string)

versionType : custom (string)

}

2 : { »

lessThan : 8.13.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

3 : { »

lessThan : unspecified (string)

status : affected (string)

version : 8.14.0 (string)

versionType : custom (string)

}

4 : { »

lessThan : 8.15.1 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

datePublic : 2021-05-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-05-12T03:30:12 (string)

orgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

shortName : atlassian (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@atlassian.com (string)

DATE_PUBLIC : 2021-05-12T00:00:00 (string)

ID : CVE-2020-36289 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Jira Server (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 8.5.13 (string)

}

1 : { »

version_affected : >= (string)

version_value : 8.6.0 (string)

}

2 : { »

version_affected : < (string)

version_value : 8.13.5 (string)

}

3 : { »

version_affected : >= (string)

version_value : 8.14.0 (string)

}

4 : { »

version_affected : < (string)

version_value : 8.15.1 (string)

}

]

}

1 : { »

product_name : Jira Data Center (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 8.5.13 (string)

}

1 : { »

version_affected : >= (string)

version_value : 8.6.0 (string)

}

2 : { »

version_affected : < (string)

version_value : 8.13.5 (string)

}

3 : { »

version_affected : >= (string)

version_value : 8.14.0 (string)

}

4 : { »

version_affected : < (string)

version_value : 8.15.1 (string)

}

]

}

]

}

vendor_name : Atlassian (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

refsource : MISC (string)

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T17:23:09.943Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

}

]

}

1 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-863 (string)

lang : en (string)

description : CWE-863 Incorrect Authorization (string)

}

]

}

]

affected : [ »

0 : { »

vendor : atlassian (string)

product : jira_data_center (string)

cpes : [ »

0 : cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 8.5.15 (string)

versionType : custom (string)

}

1 : { »

version : 8.6.0 (string)

status : affected (string)

lessThan : 8.13.7 (string)

versionType : custom (string)

}

2 : { »

version : 8.14.0 (string)

status : affected (string)

lessThan : 8.17.0 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : atlassian (string)

product : jira_server (string)

cpes : [ »

0 : cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 8.5.15 (string)

versionType : custom (string)

}

1 : { »

version : 8.6.0 (string)

status : affected (string)

lessThan : 8.13.7 (string)

versionType : custom (string)

}

2 : { »

version : 8.14.0 (string)

status : affected (string)

lessThan : 8.17.0 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.3 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-17T14:13:49.870839Z (string)

id : CVE-2020-36289 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-17T14:27:07.580Z (string)

}

]

}

cveMetadata : { »

assignerOrgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

assignerShortName : atlassian (string)

cveId : CVE-2020-36289 (string)

datePublished : 2021-05-12T03:30:12.264687Z (string)

dateReserved : 2021-03-31T00:00:00 (string)

dateUpdated : 2024-10-17T14:27:07.580Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.atlassian.com/browse/JRASERVER-71559", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.943Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-36289", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T14:13:49.870839Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "jira_data_center", "versions": [{"status": "affected", "version": "0", "lessThan": "8.5.15", "versionType": "custom"}, {"status": "affected", "version": "8.6.0", "lessThan": "8.13.7", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "8.17.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "jira_server", "versions": [{"status": "affected", "version": "0", "lessThan": "8.5.15", "versionType": "custom"}, {"status": "affected", "version": "8.6.0", "lessThan": "8.13.7", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "8.17.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:26:54.534Z"}}], "cna": {"affected": [{"vendor": "Atlassian", "product": "Jira Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.5.13", "versionType": "custom"}, {"status": "affected", "version": "8.6.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.13.5", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.15.1", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.5.13", "versionType": "custom"}, {"status": "affected", "version": "8.6.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.13.5", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.15.1", "versionType": "custom"}]}], "datePublic": "2021-05-12T00:00:00", "references": [{"url": "https://jira.atlassian.com/browse/JRASERVER-71559", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2021-05-12T03:30:12"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "8.5.13", "version_affected": "<"}, {"version_value": "8.6.0", "version_affected": ">="}, {"version_value": "8.13.5", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">="}, {"version_value": "8.15.1", "version_affected": "<"}]}, "product_name": "Jira Server"}, {"version": {"version_data": [{"version_value": "8.5.13", "version_affected": "<"}, {"version_value": "8.6.0", "version_affected": ">="}, {"version_value": "8.13.5", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">="}, {"version_value": "8.15.1", "version_affected": "<"}]}, "product_name": "Jira Data Center"}]}, "vendor_name": "Atlassian"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://jira.atlassian.com/browse/JRASERVER-71559", "name": "https://jira.atlassian.com/browse/JRASERVER-71559", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-36289", "STATE": "PUBLIC", "ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-05-12T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2020-36289", "state": "PUBLISHED", "dateUpdated": "2024-10-17T14:27:07.580Z", "dateReserved": "2021-03-31T00:00:00", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "datePublished": "2021-05-12T03:30:12.264687Z", "assignerShortName": "atlassian"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T17:23:09.943Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.3 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2020-36289 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-17T14:13:49.870839Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* (string)

]

vendor : atlassian (string)

product : jira_data_center (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 8.5.15 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 8.6.0 (string)

lessThan : 8.13.7 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : 8.14.0 (string)

lessThan : 8.17.0 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* (string)

]

vendor : atlassian (string)

product : jira_server (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 8.5.15 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 8.6.0 (string)

lessThan : 8.13.7 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : 8.14.0 (string)

lessThan : 8.17.0 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-863 (string)

description : CWE-863 Incorrect Authorization (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-17T14:26:54.534Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : Atlassian (string)

product : Jira Server (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.5.13 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 8.6.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.13.5 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : 8.14.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

4 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.15.1 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : Atlassian (string)

product : Jira Data Center (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.5.13 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 8.6.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.13.5 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : 8.14.0 (string)

lessThan : unspecified (string)

versionType : custom (string)

}

4 : { »

status : affected (string)

version : unspecified (string)

lessThan : 8.15.1 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2021-05-12T00:00:00 (string)

references : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

tags : [ »

0 : x_refsource_MISC (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Information Disclosure (string)

}

]

}

]

providerMetadata : { »

orgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

shortName : atlassian (string)

dateUpdated : 2021-05-12T03:30:12 (string)

}

x_legacyV4Record : { »

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

version : { »

version_data : [ »

0 : { »

version_value : 8.5.13 (string)

version_affected : < (string)

}

1 : { »

version_value : 8.6.0 (string)

version_affected : >= (string)

}

2 : { »

version_value : 8.13.5 (string)

version_affected : < (string)

}

3 : { »

version_value : 8.14.0 (string)

version_affected : >= (string)

}

4 : { »

version_value : 8.15.1 (string)

version_affected : < (string)

}

]

}

product_name : Jira Server (string)

}

1 : { »

version : { »

version_data : [ »

0 : { »

version_value : 8.5.13 (string)

version_affected : < (string)

}

1 : { »

version_value : 8.6.0 (string)

version_affected : >= (string)

}

2 : { »

version_value : 8.13.5 (string)

version_affected : < (string)

}

3 : { »

version_value : 8.14.0 (string)

version_affected : >= (string)

}

4 : { »

version_value : 8.15.1 (string)

version_affected : < (string)

}

]

}

product_name : Jira Data Center (string)

}

]

}

vendor_name : Atlassian (string)

}

]

}

data_type : CVE (string)

references : { »

reference_data : [ »

0 : { »

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

name : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

refsource : MISC (string)

}

]

}

data_format : MITRE (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

data_version : 4.0 (string)

CVE_data_meta : { »

ID : CVE-2020-36289 (string)

STATE : PUBLIC (string)

ASSIGNER : security@atlassian.com (string)

DATE_PUBLIC : 2021-05-12T00:00:00 (string)

}

cveMetadata : { »

cveId : CVE-2020-36289 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-17T14:27:07.580Z (string)

dateReserved : 2021-03-31T00:00:00 (string)

assignerOrgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

datePublished : 2021-05-12T03:30:12.264687Z (string)

assignerShortName : atlassian (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "A455FC63-AF29-4D31-8E11-AA5671D12E06", "versionEndExcluding": "8.5.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8144D6-FDAF-4B92-BE54-832893AC0A1E", "versionEndExcluding": "8.5.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "26055208-F18D-4FF9-A442-7DD62D80F7E7", "versionEndExcluding": "8.13.5", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F4C4682-A56A-4BEA-AFD7-6F116FCE8EF9", "versionEndExcluding": "8.15.1", "versionStartIncluding": "8.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DF55918-44C7-4DC9-BD66-9FD9BA64A955", "versionEndExcluding": "8.13.5", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C31DC16-F8E3-4261-B539-C251E4BBC584", "versionEndExcluding": "8.15.1", "versionStartIncluding": "8.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Jira Server y Data Center permiten a un usuario no autenticado enumerar usuarios a trav\u00e9s de una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el endpoint QueryComponentRendererValue!Default.jspa. Las versiones afectadas son anteriores a la versi\u00f3n 8.5.13, desde la versi\u00f3n 8.6.0 antes de la 8.13.5, y desde la versi\u00f3n 8.14.0 antes de la 8.15.1"}], "id": "CVE-2020-36289", "lastModified": "2024-11-21T05:29:13.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-05-12T04:15:07.267", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-71559"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-71559"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A455FC63-AF29-4D31-8E11-AA5671D12E06 (string)

versionEndExcluding : 8.5.13 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FA8144D6-FDAF-4B92-BE54-832893AC0A1E (string)

versionEndExcluding : 8.5.13 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 26055208-F18D-4FF9-A442-7DD62D80F7E7 (string)

versionEndExcluding : 8.13.5 (string)

versionStartIncluding : 8.6.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9F4C4682-A56A-4BEA-AFD7-6F116FCE8EF9 (string)

versionEndExcluding : 8.15.1 (string)

versionStartIncluding : 8.14.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DF55918-44C7-4DC9-BD66-9FD9BA64A955 (string)

versionEndExcluding : 8.13.5 (string)

versionStartIncluding : 8.6.0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C31DC16-F8E3-4261-B539-C251E4BBC584 (string)

versionEndExcluding : 8.15.1 (string)

versionStartIncluding : 8.14.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. (string)

}

1 : { »

lang : es (string)

value : Las versiones afectadas de Atlassian Jira Server y Data Center permiten a un usuario no autenticado enumerar usuarios a través de una vulnerabilidad de divulgación de información en el endpoint QueryComponentRendererValue!Default.jspa. Las versiones afectadas son anteriores a la versión 8.5.13, desde la versión 8.6.0 antes de la 8.13.5, y desde la versión 8.14.0 antes de la 8.15.1 (string)

}

]

id : CVE-2020-36289 (string)

lastModified : 2024-11-21T05:29:13.343 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2021-05-12T04:15:07.267 (string)

references : [ »

0 : { »

source : security@atlassian.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

2 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

2 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/JRASERVER-71559 (string)

}

]

sourceIdentifier : security@atlassian.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-863 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-863 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object