Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

Remediation

References

CVE-2020-36289

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2004-1019)

LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5078)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-4271)

WordPress Improper Privilege Management Vulnerability (CVE-2020-28036)

Moment.js Other Vulnerability (CVE-2022-31129)

Severity

Medium

Classification

CVE-2020-36289 CWE-200

Tags

Missing Update Known Vulnerabilities