Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36238)

Description

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.

Remediation

References

Related Vulnerabilities

WordPress Plugin SEO Smart Links Cross-Site Scripting (3.0.1)

PHP-Fusion URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-23182)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11456)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-3971)

WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1)

Severity

Medium

Classification

CVE-2020-36238 CWE-863

Tags

Missing Update Known Vulnerabilities