Information disclosure in System Administration - Global Permissions - CVE-2019-20898

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.

Affected versions:

• version < 8.8.0

Fixed versions:

• 8.8.0

Workaround for Jira 8.5.x:

• version >= 8.5.12: Enable [feature flag|https://confluence.atlassian.com/jirakb/enable-dark-feature-in-jira-959286331.html] {{jira.restrict.anonymous.access.to.mypermissions.rest.api.enabled}}
• version < 8.5.12: Not available