Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399

2019-04-29T04:15:42
ID ATLASSIAN:JRASERVER-69246
Type atlassian
Reporter security-metrics-bot
Modified 2019-04-30T21:47:06

Description

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.