CVE-2020-36287

CVE-2020-36287

Vendor Atlassian
Product Jira Server
Weakness CWE-863 · Incorrect authorization
Published April 9, 2021
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.

Key dates

02Disclosure timeline

April 9, 2021 CVE published
September 16, 2024 Record updated