Описание
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist//check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
Ссылки
- Issue TrackingVendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.13.3 (исключая)Версия до 8.13.3 (исключая)
Одно из
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:8:14:0:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:8:14.0:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00928
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.3
github
около 3 лет назад
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
EPSS
Процентиль: 75%
0.00928
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other