Affected versions of Jira Server allow remote unauthenticated malicious users to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are prior to 7.13.18, from version 8.0.0 prior to 8.5.9, and from version 8.6.0 before version 8.12.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian jira |
||
atlassian jira server |