CVE-2020-36237

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.8%
top 25.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Atlassian Jira Data CenterAtlassian Jira ServerAtlassian Data Center+1 more
Timeline
PublishedFeb 15
Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5atlassian/jira_data_centerunspecified8.15.0
CVEListV5atlassian/jira_serverunspecified8.15.0
NVDatlassian/data_center< 8.15.0
NVDatlassian/jira< 8.15.0

🔴Vulnerability Details

2
GHSA
GHSA-x467-qjmw-8pjc: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disc2022-05-24
CVEList
CVE-2020-36237: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disc2021-02-14
CVE-2020-36237 (MEDIUM CVSS 5.3) | Affected versions of Atlassian Jira | cvebase.io