Description

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.

Remediation

References

CVE-2020-4029

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5106)

WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)

Oracle Database Server CVE-2008-2607 Vulnerability (CVE-2008-2607)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)

WordPress Plugin Mailster-Email Newsletter for WordPress Cross-Site Scripting (2.4.5.1)

Severity

Medium

Classification

CVE-2020-4029

Tags

Missing Update Known Vulnerabilities