Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.4.0, 7.13.13
Affects Version/s: 7.6.9, 8.2.1
Component/s: Issue - Attachments
Labels:

Fixed in Long Term Support Release/s:

Download 7.13
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

Attachments

Issue Links

is related to

JRASERVER-72249 Username Enumeration through the render api resource - CVE-2020-36238

Published

mentioned in: Page Loading...

relates to: RAID-1564 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 12/Aug/2019 2:43 AM

Updated:: 31/Aug/2023 1:44 PM

Resolved:: 12/Aug/2019 2:43 AM