The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jira | Atlassian | * | 8.9.0 (excluding) |
Jira_software_data_center | Atlassian | * | 8.9.0 (excluding) |