-
Bug
-
Resolution: Fixed
-
Medium (View bug fix roadmap)
-
7.6.9, 8.2.1
-
7.06
-
Severity 2 - Major
-
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
- is related to
-
JRASERVER-72249 Username Enumeration through the render api resource - CVE-2020-36238
-
- Published
-
- mentioned in
-
Page Loading...
- relates to
-
Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995
-
-
Resolution: Fixed
-
Medium
-
7.6.9, 8.2.1
-
7.06
-
Severity 2 - Major
-
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
- is related to
-
-
- Published
-
- mentioned in
-
- relates to
-
-
Unassigned
-
Security Metrics Bot
- Votes:
-
0 Vote for this issue
- Watchers:
-
9 Start watching this issue
- Created:
- Updated:
- Resolved: