CVE-2019-14995

Summary

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 8.4.0affected

Weaknesses

  • CWE-863: Incorrect Authorization (CWE-863)

ADP Enrichment

CVE Program Container

Additional References

References