What is CVE-2020-36239?

CVE-2020-36239 is a vulnerability in Atlassian Jira Core Data Center, classified under Missing Authorization. Published 2021-07-29.

Is CVE-2020-36239 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Atlassian Jira Core Data Center

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version…

Vulnerability class: Broken Access Control

EPSS: 0.162 (94.9th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Core Data Center — versions 6.3.0, unspecified, 8.6.0
Atlassian Jira Data Center — versions 6.3.0, unspecified, 8.6.0
Atlassian Jira Service Management Data Center — versions 2.0.2, unspecified, 4.6.0
Atlassian Jira Software Data Center — versions 6.3.0, unspecified, 8.6.0

Weakness classification (CWE)

CWE-862 — Missing Authorization

Public proof-of-concept exploits

References

jira.atlassian.com/browse/JSDSERVER-8454 (x_refsource_MISC)
jira.atlassian.com/browse/JRASERVER-72566 (x_refsource_MISC)
confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-mana… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-36239?: CVE-2020-36239 is a vulnerability in Atlassian Jira Core Data Center, classified under Missing Authorization. Published 2021-07-29.
Is CVE-2020-36239 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.