Lucene search

[email protected]NVD:CVE-2020-36289

HistoryMay 12, 2021 - 4:15 a.m.

CVE-2020-36289

2021-05-1204:15:07

CWE-863

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

Affected configurations

NVD

Node

atlassiandata_centerRange<8.5.13

atlassianjiraRange<8.5.13

atlassianjira_data_centerRange8.6.0–8.13.5

atlassianjira_data_centerRange8.14.0–8.15.1

atlassianjira_serverRange8.6.0–8.13.5

atlassianjira_serverRange8.14.0–8.15.1

References

jira.atlassian.com/browse/JRASERVER-71559

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

Related for NVD:CVE-2020-36289

nessus5 prion1 cvelist1 seebug1 atlassian2 nuclei1 cve1