Authorization

2020-07-0102:15:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.5%

JSON

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.

CPENameOperatorVersion
jiralt8.5.5
jira_data_centerge8.8.0
jira_data_centerlt8.8.1
jira_data_centerge8.6.0
jira_data_centerlt8.7.2
jira_serverge8.6.0
jira_serverlt8.7.2
jira_serverge8.8.0
jira_serverlt8.8.1
jira_software_data_centerlt8.5.5

Name	Operator	Version
jira	lt	8.5.5
jira_data_center	ge	8.8.0
jira_data_center	lt	8.8.1
jira_data_center	ge	8.6.0
jira_data_center	lt	8.7.2
jira_server	ge	8.6.0
jira_server	lt	8.7.2
jira_server	ge	8.8.0
jira_server	lt	8.8.1
jira_software_data_center	lt	8.5.5

References

jira.atlassian.com/browse/JRASERVER-70926