cvelist/2020/36xxx/CVE-2020-36231.json

{
   "CVE_data_meta": {
      "ASSIGNER": "security@atlassian.com",
      "DATE_PUBLIC": "2021-01-21T00:00:00",
      "ID": "CVE-2020-36231",
      "STATE": "PUBLIC"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Jira Server",
                        "version": {
                           "version_data": [
                              {
                                 "version_value": "8.5.10",
                                 "version_affected": "<"
                              },
                              {
                                 "version_value": "8.6.0",
                                 "version_affected": ">="
                              },
                              {
                                 "version_value": "8.13.2",
                                 "version_affected": "<"
                              }
                           ]
                        }
                     },{
                        "product_name": "Jira Data Center",
                        "version": {
                           "version_data": [
                              {
                                 "version_value": "8.5.10",
                                 "version_affected": "<"
                              },
                              {
                                 "version_value": "8.6.0",
                                 "version_affected": ">="
                              },
                              {
                                 "version_value": "8.13.2",
                                 "version_affected": "<"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Atlassian"
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."
         }
      ]
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "Insecure Direct Object References (IDOR)"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "url": "https://jira.atlassian.com/browse/JRASERVER-72002"
         }
      ]
   }
}
"-Synchronized-Data." 2021-01-27 20:01:03 +00:00			`{`
Register a Jira Server bug. 2021-02-02 10:32:00 +11:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@atlassian.com",`
			`"DATE_PUBLIC": "2021-01-21T00:00:00",`
			`"ID": "CVE-2020-36231",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
"-Synchronized-Data." 2021-01-27 20:01:03 +00:00			`{`
Register a Jira Server bug. 2021-02-02 10:32:00 +11:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Jira Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "8.5.10",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "8.6.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "8.13.2",`
			`"version_affected": "<"`
			`}`
			`]`
			`}`
			`},{`
			`"product_name": "Jira Data Center",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "8.5.10",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "8.6.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "8.13.2",`
			`"version_affected": "<"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Atlassian"`
"-Synchronized-Data." 2021-01-27 20:01:03 +00:00			`}`
Register a Jira Server bug. 2021-02-02 10:32:00 +11:00			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Insecure Direct Object References (IDOR)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://jira.atlassian.com/browse/JRASERVER-72002"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2021-01-27 20:01:03 +00:00			`}`