Description
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.
Remediation
References
Related Vulnerabilities
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)
Joomla CVE-2020-35610 Vulnerability (CVE-2020-35610)
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2009-2446)
Moodle Cleartext Storage of Sensitive Information Vulnerability (CVE-2024-43429)