Main Vulnerability Database SB2018082820

SB2018082820 - Information disclosure in Atlassian JIRA

Published: August 28, 2018 Updated: July 17, 2020

Security Bulletin ID SB2018082820

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-13391)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.

Remediation

Install update from vendor's website.

SB2018082820 - Information disclosure in Atlassian JIRA

Breakdown by Severity

Description

Remediation

References

Please verify you're human