CVE-2020-36286
MEDIUMJira Server/Data Center <8.5.13, <8.6.0-8.13.5, <8.14.0-8.15.1 - In...
Title source: llmDescription
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-72272
Scores
CVSS v3
5.3
EPSS
0.0021
EPSS Percentile
43.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (4)
atlassian/data_center
< 8.5.13
atlassian/jira
< 8.5.13
atlassian/jira_data_center
8.6.0 - 8.13.5
atlassian/jira_server
8.6.0 - 8.13.5
Published
Apr 01, 2021
Tracked Since
Feb 18, 2026