Description
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.
Remediation
References
Related Vulnerabilities
Atlassian Jira Other Vulnerability (CVE-2006-3339)
Zenphoto Other Vulnerability (CVE-2006-2186)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-32567)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.7.7)
Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6563)