Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Remediation

References

CVE-2020-14165

Related Vulnerabilities

WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (5.5.15)

MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)

WordPress Plugin Invite Anyone PHP Object Injection (1.3.18)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623)

Severity

Medium

Classification

CVE-2020-14165

Tags

Missing Update Known Vulnerabilities