-
Type:
Bug
-
Resolution: Fixed
-
Priority:
High
-
Affects Version/s: 8.20.18, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0
-
Component/s: Security
-
8.2
-
7.5
-
Severity 2 - Major
Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint.
Affected versions:
- version < 9.5.1
Fixed versions:
- 8.20.21 and newer
- 9.4.4 and newer
- 9.5.1 and newer
- 9.6.0 and newer