Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue, Project and Sprint information via an information disclosure vulnerability in the "/secure/QueryComponentRendererValue!Default.jspa" endpoint.

      Affected versions:

      • version < 9.5.1

      Fixed versions:

      • 8.20.21 and newer
      • 9.4.4 and newer
      • 9.5.1 and newer
      • 9.6.0 and newer
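An added example (not Atlassian's code) of triaging an inventory against the version lists above: a plain `< 9.5.1` comparison would flag the patched 8.20.21 and 9.4.4 releases, so the check is made per release line. Treating versions before 8.2 as unaffected rests on the "Introduced in Version" field in this page's change history; the host names and function names are hypothetical.

```python
import re

# Values taken from the advisory text on this page.
INTRODUCED_IN = (8, 2, 0)        # "Introduced in Version: 8.2" (change history)
FIXED_IN_BRANCH = {              # first fixed release per (major, minor) line
    (8, 20): (8, 20, 21),
    (9, 4): (9, 4, 4),
    (9, 5): (9, 5, 1),
}
FIRST_FULLY_FIXED = (9, 6, 0)    # 9.6.0 and every later release


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple; any trailing suffix is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(version_text):
    """Return 'fixed', 'affected' or 'predates-bug' for one version string."""
    v = parse_version(version_text)
    if v >= FIRST_FULLY_FIXED:
        return "fixed"
    if v < INTRODUCED_IN:
        return "predates-bug"
    # Backported fixes only count inside their own release line.
    fixed_at = FIXED_IN_BRANCH.get(v[:2])
    if fixed_at is not None and v >= fixed_at:
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"jira-a": "8.20.18", "jira-b": "8.20.21", "jira-c": "9.4.3",
                 "jira-d": "9.4.4", "jira-e": "9.3.2", "jira-f": "9.12.0"}
    for host, ver in sorted(inventory.items()):
        print(f"{host:8} {ver:8} {triage(ver)}")
```

Versions are compared as integer tuples, so 9.12.0 sorts after 9.6.0 where a string comparison would not.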

            [JRASERVER-74771] Information Disclosure via QueryComponentRenderer API

            Bugfix Automation Bot made changes -
            Introduced in Version New: 8.2
            Soner Sezgin made changes -
            Symptom Severity New: Severity 2 - Major [ 15831 ]
            Workflow Original: JAC Public Security Vulnerability Workflow v2 [ 4341798 ] New: JAC Bug Workflow v3 [ 4510126 ]
            Issue Type Original: Public Security Vulnerability [ 10700 ] New: Bug [ 1 ]
            Status Original: Published [ 12873 ] New: Closed [ 6 ]
            Kaili Gu made changes -
            Link New: This issue has a derivative of JRASERVER-76261 [ JRASERVER-76261 ]
            Cathy S made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 765126 ]
            Bruno made changes -
            Description Original: Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint.

            *Affected versions:*
             * version < 9.5.1

            *Fixed versions:*
             * 9.5.1
             * 9.6.0
            New: Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint.

            *Affected versions:*
             * version < 9.5.1

            *Fixed versions:*
             * 8.20.21 and newer
             * 9.4.4 and newer
             * 9.5.1 and newer
             * 9.6.0 and newer
            Ignat (Inactive) made changes -
            Priority Original: Low [ 4 ] New: High [ 2 ]
            Justin Evans made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 743173 ]
            Zul NS [Atlassian] made changes -
            Fix Version/s New: 9.4.4 [ 104337 ]
            Fix Version/s New: 8.20.21 [ 104633 ]
            Vedika Tambolkar made changes -
            Affects Version/s New: 8.20.18 [ 104592 ]
            Mandeep Jadon made changes -
            Assignee Original: Mandeep Jadon [ ff48ea9431ea ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot