Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2020-36289 - Vulnerability Database

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2020-36289

Medium
Reference: CVE-2020-36289
Title: Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValueDefault.jspa endpoint. The affected versions are before version 8.5.13 from version 8.6.0 before 8.13.5 and from version 8.14.0 before 8.15.1.