CVE-2020-14183

Published: Oct 6, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.

Affected (6)

Products: Atlassian: Jira

Atlassian

1 product

Jira

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.13.18
Atlassian Jira	From 8.0.0 to 8.5.9
Atlassian Jira	From 8.6.0 to 8.12.1
Atlassian Jira	Before 7.13.18
Atlassian Jira	From 8.0.0 to 8.5.9
Atlassian Jira	From 8.6.0 to 8.12.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://jira.atlassian.com/browse/JRASERVER-71646

Source: security@atlassian.com

Permissions RequiredVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-71646

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.