The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-69792 | Issue Tracking Vendor Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836 | Exploit Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837 | Exploit Third Party Advisory |
Configurations
History
22 Apr 2022, 19:29
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
References | (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837 - Exploit, Third Party Advisory | |
References | (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836 - Exploit, Third Party Advisory |
28 Mar 2022, 13:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Atlassian jira Server
|
|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* |
Information
Published : 2019-09-11 14:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-14995
Mitre link : CVE-2019-14995
CVE.ORG link : CVE-2019-14995
JSON object : View
Products Affected
atlassian
- jira_server