The host is installed with Atlassian Jira Server before 8.5.13, 8.6.0 before 8.13.5 and 8.14.0 before 8.15.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle the membersOf JQL search function. Successful exploitation allows remote anonymous attackers to determine if a group exists and members of groups if they are assigned to a publicly visible issue field.