Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 prior to 8.5.7, and from version 8.6.0 prior to 8.12.0.
Vulnerable Product |
---|
atlassian data center |
atlassian jira |
atlassian jira server |
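
One way to spot enumeration against the `/ViewUserHover.jspa` endpoint in web access logs, as an added example that is not part of the advisory or of Atlassian's code. It assumes combined-log-format lines and an alert threshold of 3 distinct lookups per client; the sample lines and their query strings are constructed placeholders.

```python
import re
from collections import defaultdict

# Assumed layout: combined log format (client ident user [time] "request" status size).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ENDPOINT = "/ViewUserHover.jspa"  # endpoint named in the advisory
THRESHOLD = 3                     # assumed: distinct lookups per client before flagging

# Constructed sample lines; the query strings are placeholders, not real parameters.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2020:13:55:01 +0000] "GET /ViewUserHover.jspa?x=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2020:13:55:02 +0000] "GET /ViewUserHover.jspa?x=2 HTTP/1.1" 200 498',
    '198.51.100.7 - - [10/Oct/2020:13:55:03 +0000] "GET /ViewUserHover.jspa?x=3 HTTP/1.1" 200 120',
    '192.0.2.10 - alice [10/Oct/2020:13:56:00 +0000] "GET /ViewUserHover.jspa?x=1 HTTP/1.1" 200 512',
    '192.0.2.10 - alice [10/Oct/2020:13:56:05 +0000] "GET /ViewUserHover.jspa?x=2 HTTP/1.1" 200 498',
    '192.0.2.20 - - [10/Oct/2020:13:57:00 +0000] "GET /ViewUserHover.jspa?x=1 HTTP/1.1" 200 512',
    '192.0.2.20 - - [10/Oct/2020:13:57:09 +0000] "GET /ViewUserHover.jspa?x=1 HTTP/1.1" 200 512',
    '192.0.2.20 - - [10/Oct/2020:13:58:00 +0000] "GET /Dashboard.jspa HTTP/1.1" 200 9000',
]

def find_enumeration(lines, threshold=THRESHOLD):
    """Return {client: distinct_query_count} for clients that reached the endpoint
    without an authenticated user and with at least `threshold` distinct queries."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed layout
        path, _, query = m["target"].partition("?")
        if not path.endswith(ENDPOINT):
            continue  # endswith() also covers deployments under a context path
        if m["user"] != "-":
            continue  # authenticated request; the advisory concerns unauthenticated access
        seen[m["client"]].add(query)
    return {c: len(q) for c, q in seen.items() if len(q) >= threshold}

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```
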
Plus: A warning to SharePoint operators
In brief Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers. The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.json file. As for the second, CVE-2020-17022, that's a memory-handling bug in the Windows 10 ...