Vulnerability in Atlassian Jira Data Center

CVE-2020-36289

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are bef…

EPSS: 0.920 (99.7th percentile).

Frequently asked questions

What is CVE-2020-36289?
CVE-2020-36289 is a vulnerability in Atlassian Jira Data Center. It was published on 2021-05-12.

Is CVE-2020-36289 known to be exploited?
14 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.