Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jira_service_desk | Atlassian | * | 4.12.0 (excluding) |