Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72258

Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287

XMLWordPrintable

    • 5.3
    • Medium
    • CVE-2020-36287

      The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.

      Affected versions:

      • version < 8.13.5
      • 8.14.0 ≤ version < 8.15.1

      Fixed versions:

      • 8.13.5
      • 8.15.1  

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: