CVE-2019-20101

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.3 Atlassian Jira Server and Data Center versions 8.14.0 through 8.14.0

Description The issue allows anonymous remote attackers to view whitelist rules due to a Broken Access Control vulnerability in the "/rest/whitelist//check" endpoint.

Recommendations For versions prior to 8.13.3, update to version 8.13.3 or later. For version 8.14.0, update to version 8.14.1 or later. As a temporary workaround, consider restricting access to the "/rest/whitelist//check" endpoint until a patch is available.