CVE-2020-36289

CVE Database · CVE-2020-36289

CVE-2020-36289

· MEDIUMModified

CVSS v3.1

5.3

EPSS

99.21%

Published

May 12, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-863CWE-863

Affected Products (6)

atlassian · data_center (up to 8.5.13)vulnerable

atlassian · jira (up to 8.5.13)vulnerable

atlassian · jira_data_center (up to 8.13.5)vulnerable

atlassian · jira_data_center (up to 8.15.1)vulnerable

atlassian · jira_server (up to 8.13.5)vulnerable

atlassian · jira_server (up to 8.15.1)vulnerable

References (2)

https://jira.atlassian.com/browse/JRASERVER-71559

Issue TrackingPermissions RequiredVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-71559

Issue TrackingPermissions RequiredVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs