Vulnerability in Atlassian Jira Server And Data Center
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
EPSS: 0.002 (46.1th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira Server And Data Center — versions unspecified
References
- jira.atlassian.com/browse/JRASERVER-71185 (x_refsource_MISC)