Affected versions of Atlassian Jira Server and Data Center allow remote attackers to obtain information about custom project avatars via an improper authorization vulnerability in the UniversalAvatarResource.getAvatars resource.
Affected versions:
Fixed versions:
CPE | Name | Operator | Version |
---|---|---|---|
jira server and data center | lt | 8.9.0 | |
jira server and data center | le | 8.5.1 |