The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72249 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-01T02:30:14.029329Z
Updated: 2024-09-17T00:30:53.159Z
Reserved: 2021-01-27T00:00:00
Link: CVE-2020-36238
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-04-01T03:15:13.820
Modified: 2022-09-20T19:28:41.483
Link: CVE-2020-36238
Redhat
No data.