PT-2021-11975 · Atlassian · Jira
Published: 2021-04-01 · Updated: 2022-09-20 · CVE-2020-36238
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Jira Server and Data Center versions 8.5.12 and earlier
Jira Server and Data Center versions 8.6.0 through 8.13.4
Jira Server and Data Center versions 8.14.0 through 8.15.0
Description:
The issue allows remote anonymous attackers to determine whether a username is valid, because of a missing permissions check in the /rest/api/1.0/render resource.
Recommendations:
For versions 8.5.12 and earlier, update to version 8.5.13 or later.
For versions 8.6.0 through 8.13.4, update to version 8.13.5 or later.
For versions 8.14.0 through 8.15.0, update to version 8.15.1 or later.
Fix
Incorrect Authorization
Missing Authorization
Affected Products
Jira