CVE-2020-14179

CVE Database · CVE-2020-14179

CVE-2020-14179

· MEDIUMModified

CVSS v3.1

5.3

EPSS

76.04%

Published

Sep 20, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products (4)

atlassian · jira_data_center (up to 8.5.8)vulnerable

atlassian · jira_data_center (up to 8.11.1)vulnerable

atlassian · jira_server (up to 8.5.8)vulnerable

atlassian · jira_server (up to 8.11.1)vulnerable

References (2)

https://jira.atlassian.com/browse/JRASERVER-71536

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-71536

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs