{"containers": {"cna": {"affected": [{"product": "Jira Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.5.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"lessThan": "8.13.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.5.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"lessThan": "8.13.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-01-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."}], "problemTypes": [{"descriptions": [{"description": "Insecure Direct Object References (IDOR)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-01T23:40:12.000Z", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-72002"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-01-21T00:00:00", "ID": "CVE-2020-36231", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.5.10"}, {"version_affected": ">=", "version_value": "8.6.0"}, {"version_affected": "<", "version_value": "8.13.2"}]}}, {"product_name": "Jira Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.5.10"}, {"version_affected": ">=", "version_value": "8.6.0"}, {"version_affected": "<", "version_value": "8.13.2"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Direct Object References (IDOR)"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-72002", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-72002"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-72002"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2020-36231", "datePublished": "2021-02-01T23:40:12.974Z", "dateReserved": "2021-01-27T00:00:00.000Z", "dateUpdated": "2024-09-16T17:14:09.087Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "2324F010-76F2-43D3-96C0-BD9150B7E652", "versionEndExcluding": "8.5.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E1F3243-C68E-43F6-9FEC-68F9318D5980", "versionEndExcluding": "8.13.2", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:8.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "CF422EB8-5C9E-4166-8354-E692E5C94737", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFF8C47C-4D9A-4A61-8B90-0BAF24FBDA14", "versionEndExcluding": "8.13.2", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:8.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "6ABE8741-5E98-467B-A946-E1913164CD5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E92AC75-73E1-402C-9DCF-4A1B25CB999F", "versionEndExcluding": "8.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."}, {"lang": "es", "value": "\u00e7Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos visualizar los metadatos de las tarjetas a las que no deber\u00edan tener acceso por medio de una vulnerabilidad de Insecure Direct Object References (IDOR).&#xa0;Las versiones afectadas son anteriores a 8.5.10 y desde la versi\u00f3n 8.6.0 versiones anteriores a 8.13.2"}], "id": "CVE-2020-36231", "lastModified": "2024-11-21T05:29:06.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-02T00:15:12.397", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-72002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-72002"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}