Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 prior to 8.13.5, and from version 8.14.0 prior to 8.15.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian data center |
||
atlassian jira |
||
atlassian jira server |
||
atlassian jira data center |