Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.22.0, 8.20.12, 8.13.25
Affects Version/s: 8.20.2
Component/s: None
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium

Description

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint.

The affected versions are before version 8.22.0., versions prior to 8.20.12

Affected versions:

version < 8.22.0
versions < 8.20.12
versions < 8.13.25

Fixed versions:

8.22.0
8.20.12
8.13.25

Please follow this Ticket: ~~JRASERVER-74131~~ to track the backport request to 8.20.x. ~~For security purposes, this ticket is internal for now.~~

Attachments

Issue Links

is related to

JRASERVER-74131 This ticket is to request backporting fix from JRASERVER-73593 into 8.20.x LTS version

Published

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(19 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 54 Start watching this issue

Dates

Created:: 16/Mar/2022 5:14 AM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 05/Apr/2022 1:40 AM