Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-71559 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-05-12T03:30:12.264687Z
Updated: 2024-09-17T03:23:13.149Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36289
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-05-12T04:15:07.267
Modified: 2022-06-28T14:11:45.273
Link: CVE-2020-36289
Redhat
No data.