Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71950

Mobile site reveals the summary titles of privately linked tickets - CVE-2020-36235

    XMLWordPrintable

Details

    • Public Security Vulnerability
    • Resolution: Fixed
    • Low
    • 8.13.2, 8.14.1, 8.15.0
    • 8.9.0
    • None
    • 5.3
    • Medium
    • CVE-2020-36235

    Description

      Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view.

       

      The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.

       

      Affected versions:

      • version < 8.13.2
      • 8.14.0 ≤ version < 8.14.1

      Fixed versions:

      • 8.13.2
      • 8.14.1
      • 8.15.0  

      Attachments

        Activity

          People

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: