Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.5.13, 8.13.5, 8.15.1, 8.16.0
Affects Version/s: 8.5.12
Component/s: JQL
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.05
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly visible issue field.

Affected versions:

version < 8.5.13
8.6.0 ≤ version < 8.13.5
8.14.0 ≤ version < 8.15.1

Fixed versions:

8.5.13
8.13.5
8.15.1

is related to

JRASERVER-72293 Anonymous users are able to view user information through the /rest/api/2/search endpoint - CVE-2021-39122

Published

relates to: VULN-204886 Loading...

Assignee:: Unassigned

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 31/Mar/2021 6:19 AM

Updated:: 21/Apr/2021 6:58 AM

Resolved:: 31/Mar/2021 6:30 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates