cve/2020/CVE-2020-36238.md

### [CVE-2020-36238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36238)
![](https://img.shields.io/static/v1?label=Product&message=Jira%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Jira%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%208.5.13%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Authorization%20(CWE-863)&color=brighgreen)

### Description

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-36238
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-36238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36238)`
			`![](https://img.shields.io/static/v1?label=Product&message=Jira%20Data%20Center&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Jira%20Server&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%208.5.13%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Authorization%20(CWE-863)&color=brighgreen)`

			`### Description`

			`The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/Live-Hack-CVE/CVE-2020-36238`