Description

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.

Remediation

References

CVE-2020-36238

Related Vulnerabilities

WordPress Plugin EDD Favorites Cross-Site Scripting (1.0.6)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2042)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2156)

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.8)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0703)

Severity

Medium

Classification

CVE-2020-36238 CWE-863

Tags

Missing Update Known Vulnerabilities