Description
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.
Remediation
References
Related Vulnerabilities
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1447)
WordPress Plugin Dropdown and scrollable Text Cross-Site Scripting (2.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1832)