Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72249HistoryMar 23, 2021 - 11:23 p.m.
Username Enumeration through the render api resource - CVE-2020-36238
2021-03-2323:23:32
security-metrics-bot
jira.atlassian.com
27
username enumeration
cve-2020-36238
jira server
EPSS
0.002
Percentile
55.4%
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Affected versions:
- version < 8.5.13
- 8.6.0 ā¤ version < 8.13.5
- 8.14.0 ā¤ version < 8.15.1
Fixed versions:
- 8.5.13
- 8.13.5
- 8.15.1
Related
atlassian
atlassian
Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995
2019-08-12 02:43:16
Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995
2019-08-12 02:43:16
Username Enumeration through the render api resource - CVE-2020-36238
2021-03-23 23:23:32
cnvd
cnvd
Atlassian Jira Server and Data Center has an unspecified vulnerability
2021-04-06 00:00:00
cve
cve
CVE-2020-36238
2021-04-01 03:15:13
CVE-2019-14995
2019-09-11 14:15:11
prion
prion
Design/Logic Flaw
2019-09-11 14:15:00
Design/Logic Flaw
2021-04-01 03:15:00
talos
talos
Atlassian Jira issue attachment name information disclosure vulnerability
2019-09-16 00:00:00
Atlassian Jira Issue Key Information Disclosure Vulnerability
2019-09-16 00:00:00
cvelist
cvelist
CVE-2019-14995
2019-09-11 13:56:26
CVE-2020-36238
2021-04-01 02:30:14
nvd
nvd
CVE-2019-14995
2019-09-11 14:15:11
CVE-2020-36238
2021-04-01 03:15:13
nessus
nessus
Atlassian Jira 8.6.x < 8.13.5 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (2/2)
2021-07-02 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira
2019-09-20 07:26:50