3 matches found
Atlassian JIRA < 8.5.10 / 8.6.x < 8.13.2 Information Disclosure (JRASERVER-72002)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by an information disclosure vulnerability in its boards component due to missing permission checks. An authenticated, remote attacker can exploit this, to enumerate board...
CVE-2020-36231
CVE-2020-36231 affects Atlassian Jira Server and Data Center. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows remote attackers to view metadata for boards they should not access. Affected versions are before 8.5.10 and from 8.6.0 before 8.13.2. Fixed versions are 8.5.1...
Board metadata is viewable without permissions via IDOR - CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References IDOR vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. ...