← back
CVE-2020-36289

CVE-2020-36289

CVSS 5.3 MEDIUMEPSS 99.2%CWE-863
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Atlassian · Jira Data CenterAtlassian · Jira Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jira.atlassian.com/browse/JRASERVER-71559