Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72249HistoryMar 23, 2021 - 11:23 p.m.
Username Enumeration through the render api resource - CVE-2020-36238
2021-03-2323:23:32
security-metrics-bot
jira.atlassian.com
20
0.001 Low
EPSS
Percentile
47.9%
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Affected versions:
- version < 8.5.13
- 8.6.0 ā¤ version < 8.13.5
- 8.14.0 ā¤ version < 8.15.1
Fixed versions:
- 8.5.13
- 8.13.5
- 8.15.1
Related
atlassian
atlassian
cve
cve
CVE-2019-14995
2019-09-11 14:15:11
CVE-2020-36238
2021-04-01 03:15:13
talos
talos
Atlassian Jira Issue Key Information Disclosure Vulnerability
2019-09-16 00:00:00
Atlassian Jira issue attachment name information disclosure vulnerability
2019-09-16 00:00:00
cvelist
cvelist
CVE-2019-14995
2019-09-10 00:00:00
CVE-2020-36238
2021-04-01 00:00:00
nvd
nvd
CVE-2019-14995
2019-09-11 14:15:11
CVE-2020-36238
2021-04-01 03:15:13
prion
prion
Design/Logic Flaw
2021-04-01 03:15:00
Design/Logic Flaw
2019-09-11 14:15:00
cnvd
cnvd
Atlassian Jira Server and Data Center has an unspecified vulnerability
2021-04-06 00:00:00
nessus
nessus
Atlassian JIRA < 8.5.13 / 8.6.x < 8.13.5 / 8.14.x < 8.15.1 Multiple Vulnerablities
2021-04-08 00:00:00
Atlassian Jira 8.6.x < 8.13.5 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (2/2)
2021-07-02 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira
2019-09-20 07:26:50