Description
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
References
- Issue Tracking, Patch, Vendor Advisory
- Issue Tracking, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
- Version before 8.13.12 (exclusive)
- Version from 8.14.0 (inclusive) to 8.20.0 (exclusive)
- Version before 8.13.12 (exclusive)
- Version from 8.14.0 (inclusive) to 8.20.0 (exclusive)
One of
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
EPSS: 0.01264 (Low), percentile: 78%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 7.5
github
about 3 years ago
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.