Lucene search
AtlassianCVELIST:CVE-2021-26081HistoryJul 20, 2021 - 3:25 a.m.
CVE-2021-26081
2021-07-2003:25:12
atlassian
www.cve.org
5
vulnerability
atlassian jira
sensitive data exposure
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the /rest/api/latest/user/avatar/temporary endpoint.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.16.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.16.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
cve
cve
CVE-2021-26081
2021-07-20 04:15:09
prion
prion
Design/Logic Flaw
2021-07-20 04:15:00
nvd
nvd
CVE-2021-26081
2021-07-20 04:15:09
atlassian
atlassian
Username enumeration on Jira Software Server 8.15 - CVE-2021-26081
2021-06-09 01:05:42
Username enumeration on Jira Software Server 8.15 - CVE-2021-26081
2021-06-09 01:05:42