CVE-2020-14179

Published: Sep 21, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Affected (4)

Products: Atlassian: Jira Data Center, Jira Server

Atlassian

2 products

Jira Data Center

Jira Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira Data Center	Before 8.5.8
Atlassian Jira Data Center	From 8.6.0 to 8.11.1
Atlassian Jira Server	Before 8.5.8
Atlassian Jira Server	From 8.6.0 to 8.11.1

References (2)

https://jira.atlassian.com/browse/JRASERVER-71536

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-71536

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.