Loading HuntDB...

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████

Medium
U
U.S. Dept Of Defense
Submitted None
Reported by njmulsqb

Vulnerability Details

Technical details and impact analysis

Information Disclosure
**Description:** Hi, While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc. ## References https://jira.atlassian.com/browse/JRASERVER-71536 https://www.cvedetails.com/cve/CVE-2020-14179 ## Impact It allows unauthenticated attackers like me to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2020-14179 ## Steps to Reproduce 1. Open browser 2. Hit endpoint */jira/secure/QueryComponent!Default.jspa* in the target 3. Observe the results. ## Suggested Mitigation/Remediation Actions

Related CVEs

Associated Common Vulnerabilities and Exposures

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Information Disclosure