Loading...

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.13.13, 8.4.0
Affects Version/s: 7.6.9, 8.2.1
Component/s: Issue - Attachments
Labels:

Fixed in Long Term Support Release/s:

Download 7.13
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

is related to

JRASERVER-72249 Username Enumeration through the render api resource - CVE-2020-36238

Published

mentioned in: Page Loading...

relates to: RAID-1564 Loading...

Assignee:: Unassigned
Reporter:: Security Metrics Bot
Votes:: 0 Vote for this issue
Watchers:: 9 Start watching this issue

Created:: 12/Aug/2019 2:43 AM
Updated:: 31/Aug/2023 1:44 PM
Resolved:: 12/Aug/2019 2:43 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates