Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jira_data_center | Atlassian | * | 8.5.8 (excluding) |
Jira_data_center | Atlassian | 8.6.0 (including) | 8.11.1 (excluding) |
Jira_server | Atlassian | * | 8.5.8 (excluding) |
Jira_server | Atlassian | 8.6.0 (including) | 8.11.1 (excluding) |