Auth bypass in Atlassian Jira Data Center
CVE-2020-36287
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget rela…
Vulnerability class: Broken Access Control
EPSS: 0.627 (98.4th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira Data Center — versions unspecified, 8.14.0
- Atlassian Jira Server — versions unspecified, 8.14.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- jira.atlassian.com/browse/JRASERVER-72258 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-36287?
- CVE-2020-36287 is a vulnerability in Atlassian Jira Data Center, classified under Incorrect Authorization. Published 2021-04-09.
- Is CVE-2020-36287 known to be exploited?
- 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.