Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
Medium
U
U.S. Dept Of Defense
Submitted None
Actions:
Reported by
njmulsqb
Vulnerability Details
Technical details and impact analysis
**Description:**
Hi,
While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc.
## References
https://jira.atlassian.com/browse/JRASERVER-71536
https://www.cvedetails.com/cve/CVE-2020-14179
## Impact
It allows unauthenticated attackers like me to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
## System Host(s)
███
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
1. Open browser
2. Hit endpoint */jira/secure/QueryComponent!Default.jspa* in the target
3. Observe the results.
## Suggested Mitigation/Remediation Actions
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2020-14179
UNKNOWN
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure