CVE-2020-36289

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-71559 Issue Tracking Permissions Required
Configurations

Configuration 1

cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Information

Published : 2021-05-12 04:15

Updated : 2022-06-28 02:11


NVD link : CVE-2020-36289

Mitre link : CVE-2020-36289

Products Affected
No products.
CWE