Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-14179

UNKNOWN
Published 2020-09-21T00:50:12.069829Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-14179. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Available Exploits

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure

Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.

ID: CVE-2020-14179
Author: x1m_martijn Medium

References:

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Jira Server

Affected Versions:

unspecified 8.6.0 unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-25wr-cfxr-69vm

Advisory Details

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-14179
WEB https://jira.atlassian.com/browse/JRASERVER-71536

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://jira.atlassian.com/browse/JRASERVER-71536

HackerOne Reports

Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 Medium
lu3ky-13
U.S. Dept Of Defense
Information Disclosure
View Report
Sensitive data exposure via /secure/███████ endpoint on ████████ Medium
njmulsqb
U.S. Dept Of Defense
Information Disclosure
View Report
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ Medium
njmulsqb
U.S. Dept Of Defense
Information Disclosure
View Report
[███████] Information disclosure due unauthenticated access to APIs and system browser functions Medium
h0w
U.S. Dept Of Defense
Information Disclosure
View Report
Information disclosure at '████████' --- CVE-2020-14179 Medium
0x3f
U.S. Dept Of Defense
Information Disclosure
View Report
CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure Medium
nagli
Endless Group
Information Disclosure
View Report
[█████████] Information disclosure due unauthenticated access to APIs and system browser functions Medium
hackeronanywhere
U.S. Dept Of Defense
Information Disclosure
View Report
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 Medium
r4d1kal
U.S. Dept Of Defense
Information Disclosure
View Report
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions Medium
hackeronanywhere
U.S. Dept Of Defense
Violation of Secure Design Principles
View Report
Published: 2020-09-21T00:50:12.069829Z
Last Modified: 2024-09-16T16:17:53.447Z
Copied to clipboard!