Information disclosure

2021-05-1204:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.7%

JSON

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

CPENameOperatorVersion
data_centerlt8.5.13
jiralt8.5.13
jira_data_centerge8.6.0
jira_data_centerlt8.13.5
jira_data_centerge8.14.0
jira_data_centerlt8.15.1
jira_serverge8.6.0
jira_serverlt8.13.5
jira_serverge8.14.0
jira_serverlt8.15.1

Name	Operator	Version
data_center	lt	8.5.13
jira	lt	8.5.13
jira_data_center	ge	8.6.0
jira_data_center	lt	8.13.5
jira_data_center	ge	8.14.0
jira_data_center	lt	8.15.1
jira_server	ge	8.6.0
jira_server	lt	8.13.5
jira_server	ge	8.14.0
jira_server	lt	8.15.1