Published: 12/05/2021 Updated: 30/03/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 prior to 8.13.5, and from version 8.14.0 prior to 8.15.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian data center
atlassian jira
atlassian jira server
atlassian jira data center

JIRA_testing cve-2019-8449 - Username enumeration throw informaton disclosure vulnerability The /rest/api/latest/groupuserpicker resource in Jira before version 840 allows remote attackers to enumerate usernames via an information disclosure vulnerability jiraatlassiancom/browse/JRASERVER-69796 victomhost/rest/api/latest/groupuserpicker?query=1&maxR

主流供应商的一些攻击性漏洞汇总网络安全专家 @Alexander Knorr 在推特上分享的一些有关于供应商的一些 CVE 严重漏洞，详情，仅列出了 CVE 编号，无相关漏洞详情。所以在分享的图片基础上进行新增了漏洞 Title，官方公告，漏洞分析，利用代码，概念证明以及新增或删减了多个CVE等，另外

CWE-200 https://jira.atlassian.com/browse/JRASERVER-71559 https://nvd.nist.gov https://github.com/sushantdhopat/JIRA_testing

CVE-2020-36289

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect