CVE-2018-13391

Name of the Vulnerable Software and Affected Versions Jira Server versions prior to 7.6.8 Jira Server versions 7.7.0 through 7.7.4 Jira Server versions 7.8.0 through 7.8.4 Jira Server versions 7.9.0 through 7.9.2 Jira Server versions 7.10.0 through 7.10.2 Jira Server versions 7.11.0 through 7.11.1

Description The issue allows remote attackers who can access and view an issue to obtain the email address of the reporter and assignee user of an issue, despite the configured email visibility setting being set to hidden. This occurs due to a flaw in the ProfileLinkUserFormat component.

Recommendations For versions prior to 7.6.8, update to version 7.6.8 or later. For versions 7.7.0 through 7.7.4, update to version 7.7.5 or later. For versions 7.8.0 through 7.8.4, update to version 7.8.5 or later. For versions 7.9.0 through 7.9.2, update to version 7.9.3 or later. For versions 7.10.0 through 7.10.2, update to version 7.10.3 or later. For versions 7.11.0 through 7.11.1, update to version 7.11.2 or later.