Описание
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Ссылки
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.6.0 (включая) до 8.4.0 (исключая)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00472
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
EPSS
Процентиль: 64%
0.00472
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-862