CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

20 Sep 2022, 19:28

Type Values Removed Values Added
CWE CWE-863 CWE-862

30 Mar 2022, 13:29

Type Values Removed Values Added
First Time Atlassian jira Data Center
CPE cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

25 Mar 2022, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
First Time Atlassian jira Server

14 Apr 2021, 19:19

Type Values Removed Values Added
References (MISC) https://jira.atlassian.com/browse/JRASERVER-72258 - (MISC) https://jira.atlassian.com/browse/JRASERVER-72258 - Vendor Advisory
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CPE cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*

09 Apr 2021, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-09 02:15

Updated : 2023-12-10 13:55


NVD link : CVE-2020-36287

Mitre link : CVE-2020-36287

CVE.ORG link : CVE-2020-36287


JSON object : View

Products Affected

atlassian

  • jira_data_center
  • jira
  • jira_server
  • data_center
CWE
CWE-862

Missing Authorization

CWE-863

Incorrect Authorization