Atlassian JIRA < 8.4.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to prior to 8.4.0. It is, therefore, affected by multiple vulnerabilities: - An authorization bypass vulnerability exists in the /rest/issueNav/1/issueTable resource as well as t...

CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...

CVE-2019-14995

Affected software: Atlassian Jira Server/Data Center prior to 8.4.0. Vulnerability: /rest/api/1.0/render exposes an authentication bypass that lets anonymous users determine whether an attachment name exists and whether an issue key is valid due to a missing permissions check. Impact: information...

Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...