{"cve":{"cve_id":"CVE-2020-36289","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.99209,"epss_percentile":0.99929,"epss_as_of":"2026-06-23","description":"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.","published_at":"2021-05-12T03:30:12.264000Z","last_modified_at":null,"cvss_v3_score":5.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-863"],"nvd_references":["https://jira.atlassian.com/browse/JRASERVER-71559"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:14:15.778362Z"},"effective_severity":"MEDIUM","badges":["poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-data-center","product_name":"Jira Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.15.1","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-data-center:unspecified:8.15.1"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-data-center","product_name":"Jira Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.5.13","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-data-center:unspecified:8.5.13"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-data-center","product_name":"Jira Data Center","version_start":"8.6.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-data-center:8.6.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-data-center","product_name":"Jira Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.13.5","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-data-center:unspecified:8.13.5"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-data-center","product_name":"Jira Data Center","version_start":"8.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-data-center:8.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-server","product_name":"Jira Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.5.13","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-server:unspecified:8.5.13"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-server","product_name":"Jira Server","version_start":"8.6.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-server:8.6.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-server","product_name":"Jira Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.13.5","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-server:unspecified:8.13.5"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-server","product_name":"Jira Server","version_start":"8.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-server:8.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-server","product_name":"Jira Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.15.1","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-server:unspecified:8.15.1"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-36289.yaml","title":"Jira Server and Data Center - Information Disclosure","author":"dhiyaneshDk","disclosed_at":null}],"news":[],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-71559","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2021-05-12T03:30:12.264000Z","label":"CVE published","source":null},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:31.607057Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:31.607057Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:31.607057Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:31.607057Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:31.607057Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:31.607057Z","label":"CVSS score revised","source":"vulnrichment"}]}