Description
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.