The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
jira_data_center | ge | 7.13.0 | |
jira_data_center | lt | 8.5.5 | |
jira_server | gt | 7.13.0 | |
jira_server | lt | 8.5.5 |