mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
882 B
882 B
CVE-2019-14995
&color=brighgreen)
Description
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
POC
Reference
- https://jira.atlassian.com/browse/JRASERVER-69792
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837
Github
No PoCs found on GitHub currently.