Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.12.0, 7.13.16, 8.5.7
Affects Version/s: 5.0
Component/s: Project Administration - Components
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
5
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint.

This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies.

Affected versions:

version < 7.13.16
8.0.0 ≤ version < 8.5.7
8.6.0 ≤ version < 8.12.0

Fixed versions:

7.13.16
8.5.7
8.12.0

Attachments

Issue Links

is detailed by: VULN-164855 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: AB

Votes:: 0 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 16/Sep/2020 3:13 AM

Updated:: 10/Jan/2024 4:09 AM

Resolved:: 16/Sep/2020 3:13 AM