Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the {BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.

The affected versions are before version 4.20.6.

Affected versions:

• version < 4.20.6

Fixed versions:

• 4.20.6