According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.8 or 8.6.x < 8.11.1. It is, therefore, affected by a sensitive data exposure vulnerability that allows remote, unauthenticated attackers to view custom field names and custom SLA names due to a vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data