CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
55.4%
An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via /rest/api/1.0/render
API endpoint.
Atlassian Jira 7.6.4 Atlassian Jira 8.1.0
<https://www.atlassian.com/software/jira>
5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-862 - Missing Authorization
An attacker can use this vector to identify valid attachment names for any given issue. This does not require a valid session.
Submit a POST to /rest/api/1.0/render
with the following body:
{"rendererType":"atlassian-wiki-renderer",
"unrenderedMarkup":"!<ATTACHMENT-NAME>!",
"issueKey":"<ISSUE-KEY>"}
replacing <ISSUE-KEY>
with a valid issue key, and <ATTACHMENT-NAME>
with a possibly valid attachment name.
A response containing โUnable to render embedded objectโฆโ indicates the filename is not valid for the issue.
A response containing โUnable to embed resourceโฆโ or a link to the file like โโฆ/secure/attachment/โฆโ indicates the filename is valid.
2019-05-14 - Vendor Disclosure
2019-09-09 - Vendor Patched
2019-09-16 - Public Release
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
55.4%