Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.13.25, 8.20.12, 8.22.0
Affects Version/s: 8.20.8
Component/s: Security
Labels:

Symptom Severity:
Severity 2 - Major
CVSS Score:
5.3
CVSS Severity:
Medium

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the */issue/createmeta *endpoint.

The affected LTS version is 8.20.8 and the fix is not backported to this version.

relates to

JRASERVER-73593 A user can view the "createmeta" information of private projects

Published

links to

https://bulldog.internal.atlassian.com/browse/SSE-895

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(3 mentioned in)

Assignee:: Konrad Plasota
Reporter:: skavatekar
Votes:: 9 Vote for this issue
Watchers:: 16 Start watching this issue

Created:: 21/Jul/2022 11:18 AM
Updated:: 22/Feb/2023 4:45 AM
Resolved:: 29/Aug/2022 10:00 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates