We have found a vulnerability in the portal layout feature. Affected versions are RefinedTheme for JIRA Service Desk 2.0.0 - 2.0.4.
We have identified and fixed a vulnerability regarding customer portal layout which may affect JIRA Service Desk instances. This vulnerability potentially allows a logged in user to gain access to layout data for a customer portal they are not allowed to view. User needs to have a user account in JIRA in order to gain the access. The layout data cannot be accessed via the user interface. The data contains no information about the Service Desk project it is associated with. We assess this as a minor security risk.
If you have any questions regarding this matter please contact us at firstname.lastname@example.org.
This issue is resolved and released in version: 2.0.5. If you are currently on version 2.0.0 - 2.0.4, we recommend you to update to this version.