Date Published: 2021-12-09
QID 150436: Atlassian Jira Server User Email Enumeration Vulnerability (JRASERVER-72293)
Jira is a proprietary issue tracking product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
The installed version of Atlassian Jira Server allows unauthenticated remote attackers to view users' email addresses via an information disclosure vulnerability in the /rest/api/2/search endpoint.
Affected versions:
- before version 8.5.13
- from version 8.6.0 before 8.13.5
- from version 8.14.0 before 8.15.1
Successful exploitation allows attackers to enumerate users' email addresses, which can help them carry out further attacks and obtain sensitive information.
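To triage an inventory against the affected version ranges listed above, the check can be scripted. This is an added example, not code from Atlassian or from this advisory; the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected ranges from this advisory as half-open intervals [low, high).
AFFECTED_RANGES = [
    ((0, 0, 0), (8, 5, 13)),    # before 8.5.13
    ((8, 6, 0), (8, 13, 5)),    # from 8.6.0 before 8.13.5
    ((8, 14, 0), (8, 15, 1)),   # from 8.14.0 before 8.15.1
]

def parse_version(text):
    """Return (major, minor, patch) for strings like '8.13.4' or '8.5'.

    Components are compared as integers, so 8.5.9 sorts before 8.5.13
    (a plain string comparison would get that wrong). Returns None if
    the string does not start with a dotted version number.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    """True or False for a parseable version, None when it cannot be parsed."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(low <= v < high for low, high in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "jira-a.example.internal": "8.5.9",
    "jira-b.example.internal": "8.13.5",
    "jira-c.example.internal": "8.14.0",
    "jira-d.example.internal": "not reported",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual version check rather than being treated as fixed.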
- JRASERVER-72293 - jira.atlassian.com/browse/JRASERVER-72293
CVEs related to QID 150436