Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Remediation

References

CVE-2020-14165

Related Vulnerabilities

Apache 2.x version older than 2.0.63

WordPress Plugin ShareThis Dashboard for Google Analytics Cross-Site Scripting (2.5.1)

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981)

WordPress Plugin RSVPMaker SQL Injection (9.2.5)

WordPress Plugin Count per Day Search Bar Cross-Site Scripting (3.2.2)

Severity

Medium

Classification

CVE-2020-14165

Tags

Missing Update Known Vulnerabilities