CVE-2020-36289
MEDIUM NUCLEIAtlassian Data Center < 8.5.13 - Incorrect Authorization
Title source: ruleDescription
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
Exploits (1)
Nuclei Templates (1)
Jira Server and Data Center - Information Disclosure
MEDIUMby dhiyaneshDk
Shodan:
http.component:"Atlassian Jira" || http.component:"atlassian jira"
Scores
CVSS v3
5.3
EPSS
0.9200
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (4)
atlassian/data_center
< 8.5.13
atlassian/jira
< 8.5.13
atlassian/jira_data_center
8.6.0 - 8.13.5
atlassian/jira_server
8.6.0 - 8.13.5
Published
May 12, 2021
Tracked Since
Feb 18, 2026