HTTP: Atlassian JIRA User Enumeration

This signature detects attempts to exploit a known vulnerability in Atlassian JIRA. A successful attack can lead to sensitive information disclosure.

Extended Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are those before 8.5.13, those from 8.6.0 up to but not including 8.13.5, and those from 8.14.0 up to but not including 8.15.1.

Affected Products

Atlassian jira_data_center

References

CVE: CVE-2020-36289

Short Name: HTTP:CTS:JIRA-USER-ENUM
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Atlassian CVE-2020-36289 Enumeration JIRA User
Release Date: 11/15/2022
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3693
False Positive: Unknown
Vendors

Atlassian
