Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-13391 - Vulnerability Database
Atlassian Jira

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-13391

Medium
Reference: CVE-2018-13391
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-13391
Title: Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The ProfileLinkUserFormat component of Jira Server before version 7.6.8 from version 7.7.0 before version 7.7.5 from version 7.8.0 before version 7.8.5 from version 7.9.0 before version 7.9.3 from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access amp view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.