Mobile site reveals the summary titles of privately linked tickets - CVE-2020-36235

XMLWordPrintable

    • Type: Public Security Vulnerability
    • Resolution: Fixed
    • Priority: Low
    • 8.13.2, 8.14.1, 8.15.0
    • Affects Version/s: 8.9.0
    • Component/s: None
    • 5.3
    • Medium
    • CVE-2020-36235

      Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view.

       

      The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.

       

      Affected versions:

      • version < 8.13.2
      • 8.14.0 ≤ version < 8.14.1

      Fixed versions:

      • 8.13.2
      • 8.14.1
      • 8.15.0  

              Assignee:
              Unassigned
              Reporter:
              Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: