The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote malicious users to obtain information about custom project avatars names via an Improper authorization vulnerability.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
atlassian jira |
||
atlassian jira software data center |
Vulmon