CVE-2020-4029
published 2020-07-01CVE-2020-4029: The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | < 8.5.5 | 8.5.5 |
| atlassian | jira_data_center | >= 8.6.0 < 8.7.2 | 8.7.2 |
| atlassian | jira_data_center | >= 8.8.0 < 8.8.1 | 8.8.1 |
| atlassian | jira_server | >= 8.6.0 < 8.7.2 | 8.7.2 |
| atlassian | jira_server | >= 8.8.0 < 8.8.1 | 8.8.1 |
| atlassian | jira_server_and_data_center | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server_and_data_center | >= 8.8.0 < unspecified | unspecified |
| atlassian | jira_server_and_data_center | >= unspecified < 8.5.5 | 8.5.5 |
| atlassian | jira_server_and_data_center | >= unspecified < 8.7.2 | 8.7.2 |
| atlassian | jira_server_and_data_center | >= unspecified < 8.8.1 | 8.8.1 |
| atlassian | jira_software_data_center | < 8.5.5 | 8.5.5 |