Description
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0928)
WordPress Plugin Logo Carousel Cross-Site Request Forgery (1.7.4)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)