The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-04-01T02:30:14.029329Z

Updated: 2024-09-17T00:30:53.159Z

Reserved: 2021-01-27T00:00:00

Link: CVE-2020-36238

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-04-01T03:15:13.820

Modified: 2022-09-20T19:28:41.483

Link: CVE-2020-36238

cve-icon Redhat

No data.