Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
History

Thu, 17 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-05-12T03:30:12.264687Z

Updated: 2024-10-17T14:27:07.580Z

Reserved: 2021-03-31T00:00:00

Link: CVE-2020-36289

cve-icon Vulnrichment

Updated: 2024-08-04T17:23:09.943Z

cve-icon NVD

Status : Modified

Published: 2021-05-12T04:15:07.267

Modified: 2024-11-21T05:29:13.343

Link: CVE-2020-36289

cve-icon Redhat

No data.