Описание
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
Ссылки
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.13.12 (исключая)Версия от 8.14.0 (включая) до 8.20.0 (исключая)Версия до 8.13.12 (исключая)Версия от 8.14.0 (включая) до 8.20.0 (исключая)
Одно из
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00735
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
CWE-639
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
EPSS
Процентиль: 72%
0.00735
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
CWE-639