The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
                
            Metrics
Affected Vendors & Products
References
        | Link | Providers | 
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-72272 |     | 
History
                    No history.
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-01T03:10:12.032285Z
Updated: 2024-09-16T19:24:29.543Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36286
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2021-04-01T03:15:13.960
Modified: 2024-11-21T05:29:12.890
Link: CVE-2020-36286
 Redhat
                        Redhat
                    No data.