Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-14995: [JRASERVER-69792] Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

CVE
Open in Source
#vulnerability#cisco

Details

  • **Type: ** Bug

  • **Priority: ** Medium

  • Resolution: Fixed

  • Affects Version/s: 7.6.9, 8.2.1

  • Labels:

    • CVE-2019-14995
    • advisory
    • advisory-released
    • bugbounty
    • cisco-talos
    • cvss-medium
    • information-disclosure
    • security

  • Fixed in Long Term Support Release/s:

  • Introduced in Version:

    7.06

  • Symptom Severity:

    Severity 2 - Major

Description

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

Issue Links

is related to

Public Security Vulnerability - JRASERVER-72249 Username Enumeration through the render api resource - CVE-2020-36238

  • Low - Low priority issues
  • Published

mentioned in

Page Loading…

relates to

RAID-1564 Loading…

Activity

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE