[JRASERVER-74771] Information Disclosure via QueryCompenentRenderer API

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 9.6.0, 9.5.1, 9.4.4, 8.20.21
Affects Version/s: 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 8.20.18
Component/s: Security
Labels:

Introduced in Version:
8.2
CVSS Score:
7.5
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint.

Affected versions:

version < 9.5.1

Fixed versions:

8.20.21 and newer
9.4.4 and newer
9.5.1 and newer
9.6.0 and newer

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 43 Start watching this issue

Created:: 03/Feb/2023 5:50 AM

Updated:: 25/Feb/2025 11:30 AM

Resolved:: 21/Feb/2023 9:42 AM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates