Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.5.13, 8.13.5, 8.15.1, 8.16.0
Affects Version/s: 8.5.12
Component/s: JQL
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.05
Symptom Severity:
Severity 3 - Minor

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly visible issue field.

Affected versions:

version < 8.5.13
8.6.0 ≤ version < 8.13.5
8.14.0 ≤ version < 8.15.1

Fixed versions:

8.5.13
8.13.5
8.15.1

is related to

JRASERVER-72293 Anonymous users are able to view user information through the /rest/api/2/search endpoint - CVE-2021-39122

Published

relates to: VULN-204886 Loading...

Assignee:: Unassigned
Reporter:: David Black
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: 31/Mar/2021 6:19 AM
Updated:: 21/Apr/2021 6:58 AM
Resolved:: 31/Mar/2021 6:30 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates