Описание
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.9.1 (исключая)Версия до 8.9.1 (исключая)
Одно из
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00455
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
около 3 лет назад
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
EPSS
Процентиль: 63%
0.00455
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203