Lucene search
DblackATLASSIAN:JRASERVER-72272HistoryMar 31, 2021 - 6:19 a.m.
Information Disclosure using JQL function membersOf - CVE-2020-36286
2021-03-3106:19:55
dblack
jira.atlassian.com
40
jira
data center
information disclosure
cve-2020-36286
remote attackers
EPSS
0.002
Percentile
57.0%
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly visible issue field.
Affected versions:
- version < 8.5.13
- 8.6.0 ≤ version < 8.13.5
- 8.14.0 ≤ version < 8.15.1
Fixed versions:
- 8.5.13
- 8.13.5
- 8.15.1
Related
atlassian
atlassian
Anonymous users are able to view user information through the /rest/api/2/search endpoint - CVE-2021-39122
2021-04-07 06:10:01
Anonymous users are able to view user information through the /rest/api/2/search endpoint - CVE-2021-39122
2021-04-07 06:10:01
Information Disclosure using JQL function membersOf - CVE-2020-36286
2021-03-31 06:19:55
cvelist
cvelist
CVE-2021-39122
2021-09-08 02:05:10
CVE-2020-36286
2021-04-01 03:10:12
cve
cve
CVE-2021-39122
2021-09-08 02:15:06
CVE-2020-36286
2021-04-01 03:15:13
nvd
nvd
CVE-2021-39122
2021-09-08 02:15:06
CVE-2020-36286
2021-04-01 03:15:13
prion
prion
Information disclosure
2021-09-08 02:15:00
Denial of service
2021-04-01 03:15:00
cnvd
cnvd
nessus
nessus
Atlassian Jira < 8.5.13 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.6.x < 8.13.5 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (2/2)
2021-07-02 00:00:00