8 matches found
Atlassian Jira < 9.5.1 (JRASERVER-74771)
The version of Atlassian Jira Server running on the remote host is affected by an information disclosure vulnerability as referenced in the JRASERVER-74771 advisory. Affected versions of Atlassian Jira Server and Data Center allowed an unauthenticated remote attacker to fetch Issue, Project and Spri...
Atlassian JIRA < 8.5.15 / 8.6.x < 8.13.7 / 8.14.x < 8.17.0 Unauth User Enum (JRASERVER-71559)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by an information disclosure vulnerability in the QueryComponentRendererValue!Default.jspa due to an improper access restriction. An unauthenticated, remote attacker can explo...
Atlassian Jira < 8.5.15 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.15, 8.6.x prior to 8.13.7 or 8.14.x prior to 8.17.0. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability in the CardLayoutConfigTable componen...
CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and...
Information disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and...
CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and...
PT-2021-11996 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.13; Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.5; Atlassian Jira Server and Data Center versions 8.14.0 through 8.15.1. Description: The issue allows an...
User Enumeration via /QueryComponentRendererValue!Default.jspa endpoint - CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. The...