Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-71559 |
History
Thu, 17 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-05-12T03:30:12.264687Z
Updated: 2024-10-17T14:27:07.580Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36289
Vulnrichment
Updated: 2024-08-04T17:23:09.943Z
NVD
Status : Modified
Published: 2021-05-12T04:15:07.267
Modified: 2024-11-21T05:29:13.343
Link: CVE-2020-36289
Redhat
No data.