Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69792

Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995

XMLWordPrintable

      The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: