← Back

CVE-2020-14165

nvd nist
Published: Jul 1, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Affected (2)

Atlassian
2 products
Jira
Jira Software Data Center
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Jira
Before 8.9.0
Jira Software Data Center
Before 8.9.0

References (2)

Source: security@atlassian.com
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.