CVE-2019-20101
Published 2021-09-14
Severity: Medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist//check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | data_center | < 8.13.3 | 8.13.3 |
| atlassian | data_center | — | — |
| atlassian | jira | < 8.13.3 | 8.13.3 |
| atlassian | jira | — | — |
| atlassian | jira_data_center | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= unspecified < 8.13.3 | 8.13.3 |
| atlassian | jira_data_center | >= unspecified < 8.14.1 | 8.14.1 |
| atlassian | jira_server | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_server | >= unspecified < 8.13.3 | 8.13.3 |
| atlassian | jira_server | >= unspecified < 8.14.1 | 8.14.1 |