Headline
CVE-2020-36238: [JRASERVER-72249] Username Enumeration through the render api resource - CVE-2020-36238
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
- **Type: ** Public Security Vulnerability
**Priority: ** Low
Resolution: Fixed
Affects Version/s: 8.5.0, 8.13.0
- Component/s: None
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Affected versions:
- version < 8.5.13
- 8.6.0 ≤ version < 8.13.5
- 8.14.0 ≤ version < 8.15.1
Fixed versions:
- 8.5.13
- 8.13.5
- 8.15.1
relates to
JRASERVER-69792 Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995
- Closed
mentioned in
Page Loading…