Auto-merge PR#1616

2025-05-07 19:17:10 +00:00 · 2021-05-11 23:30:18 -04:00 · 2021-05-11 23:30:18 -04:00 · d0086297f9
commit d0086297f9
parent bff2fd0211 ff06fe111e
1 changed files with 102 additions and 15 deletions
--- a/2020/36xxx/CVE-2020-36289.json
+++ b/2020/36xxx/CVE-2020-36289.json
@ -1,18 +1,105 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-36289",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "CVE_data_meta": {
+    "ASSIGNER": "security@atlassian.com",
+    "DATE_PUBLIC": "2021-05-12T00:00:00",
+    "ID": "CVE-2020-36289",
+    "STATE": "PUBLIC"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Jira Server",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_value": "8.5.13",
+                      "version_affected": "<"
+                    },
+                    {
+                      "version_value": "8.6.0",
+                      "version_affected": ">="
+                    },
+                    {
+                      "version_value": "8.13.5",
+                      "version_affected": "<"
+                    },
+                    {
+                      "version_value": "8.14.0",
+                      "version_affected": ">="
+                    },
+                    {
+                      "version_value": "8.15.1",
+                      "version_affected": "<"
+                    }
+                  ]
+                }
+              },
+              {
+                "product_name": "Jira Data Center",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_value": "8.5.13",
+                      "version_affected": "<"
+                    },
+                    {
+                      "version_value": "8.6.0",
+                      "version_affected": ">="
+                    },
+                    {
+                      "version_value": "8.13.5",
+                      "version_affected": "<"
+                    },
+                    {
+                      "version_value": "8.14.0",
+                      "version_affected": ">="
+                    },
+                    {
+                      "version_value": "8.15.1",
+                      "version_affected": "<"
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          "vendor_name": "Atlassian"
+        }
+      ]
    }
+  },
+  "data_format": "MITRE",
+  "data_type": "CVE",
+  "data_version": "4.0",
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1."
+      }
+    ]
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "Information Disclosure"
+          }
+        ]
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "url": "https://jira.atlassian.com/browse/JRASERVER-71559"
+      }
+    ]
+  }
 }