Description
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.
Remediation
References
Related Vulnerabilities
WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15)
Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2021-32476)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30152)
Drupal Core 7.x Information Disclosure (7.0 - 7.26)
WordPress Plugin Check & Log Email Cross-Site Scripting (1.0.3)