Description
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.
References
- Issue Tracking, Patch, Vendor Advisory
- Issue Tracking, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* (versions before 8.13.12, exclusive)
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:* (versions before 8.13.12, exclusive)
EPSS: 0.00414 (Low), percentile: 61%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 7.5
github
about 3 years ago
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.