The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
jira | lt | 8.9.0 | |
jira_software_data_center | lt | 8.9.0 |