Date Published: 2021-09-16
QID 730186: Atlassian Jira Server and Data Center Information Disclosure Vulnerability (JRASERVER-72293)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
CVE-2021-39122: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint.
Atlassian Jira Server versions prior to version 8.5.13
Atlassian Jira Server from version 8.6.0 before 8.13.5
Atlassian Jira Server from version 8.14.0 before 8.15.1
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.
Successful exploitation of this vulnerability may allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability.
- JRASERVER-72293 - jira.atlassian.com/browse/JRASERVER-72293
CVEs related to QID 730186