Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Remediation

References

CVE-2020-14165

Related Vulnerabilities

WordPress Plugin ImageDrop 'ImageDrop.php' Blind SQL Injection (1.1.2)

TYPO3 Improper Authentication Vulnerability (CVE-2023-47127)

MySQL CVE-2022-21287 Vulnerability (CVE-2022-21287)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5656)

Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-42252)

Severity

Medium

Classification

CVE-2020-14165

Tags

Missing Update Known Vulnerabilities