Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValueDefault.jspa endpoint. The affected versions are before version 8.5.13 from version 8.6.0 before 8.13.5 and from version 8.14.0 before 8.15.1.