Description

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

Remediation

References

CVE-2019-14995

Related Vulnerabilities

WordPress Plugin WordPress Related Posts Cross-Site Scripting (3.6.4)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.1.13)

PHP Resource Management Errors Vulnerability (CVE-2006-1549)

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4627)

Severity

Medium

Classification

CVE-2019-14995 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities