Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.

Remediation

References

CVE-2020-36237

Related Vulnerabilities

WordPress 4.0.x Denial of Service Vulnerability (4.0 - 4.0.22)

Ampache Improper Authentication Vulnerability (CVE-2007-4438)

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)

Joomla Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-12765)

concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986)

Severity

Medium

Classification

CVE-2020-36237

Tags

Missing Update Known Vulnerabilities