Affected versions of Atlassian Jira Service Management Server and Data Center allow an authenticated attacker who doesn't have permission to access a project to view the names of private projects via an Information Disclosure vulnerability in the /rest/insight/1.0/project/picker endpoint.

Affected versions:

• version < 4.20.4

Fixed versions:

• 4.20.4