Information disclosure at '████████' --- CVE-2020-14179
Medium
U.S. Dept Of Defense
Reported by
0x3f
Vulnerability Details
Technical details and impact analysis
Research conducted on __████████__ indicates that the Atlassian Jira Server and Data Center instance allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint ([CVE-2020-14179](<https://nvd.nist.gov/vuln/detail/CVE-2020-14179>)).
## The domain _███_ interpreted as in-scope
The domain __████████__ is interpreted as in-scope of the [DoD VDP](<https://hackerone.com/deptofdefense>), based on the following findings:
1. The acronym "████: <https://www.█████████>.
2. The link to __█████████__ is included in the navigation menu displayed by a [Confluence instance that belongs to the█████ "████████"](<https://www.██████/confluence>):
███
\[ __Note__ \] If this interpretation is incorrect, I would very much appreciate an opportunity to self-close the report.
---
### Test traffic markers
Test traffic included (when possible) the following markers:
- HTTP header: `X-Bug-Bounty: ID-aebf31c2dfb9205493c5d0ff65d59480305bdb96a85ace0c41f86c45c80a977b`
### Test platform
- Chromium v. 92.0.4515.131
- Burp Suite Community Edition Build 9276
---
## References:
1. [CVE-2020-14179](<https://nvd.nist.gov/vuln/detail/CVE-2020-14179>)
2. [JRASERVER-71536](<https://jira.atlassian.com/browse/JRASERVER-71536>)
3. HackerOne report #1061204
4. HackerOne report #988550
5. HackerOne report #1003980
6. HackerOne report #1050454
## Impact
- A remote, unauthenticated and unauthorised attacker can access custom field names and custom SLA names.
- The attacker can make a JQL query using the custom SLA fields disclosed by the endpoint.
## System Host(s)
████████
## Affected Product(s) and Version(s)
Atlassian Jira Server and Data Center
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
In a browser, visit <https://█████/secure/QueryComponent!Default.jspa>
████████
## Suggested Mitigation/Remediation Actions
Update the Jira instance to a version that is not vulnerable to [CVE-2020-14179](<https://nvd.nist.gov/vuln/detail/CVE-2020-14179>).
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2020-14179
UNKNOWN
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
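The affected ranges in the CVE description above, written as a version check a Jira administrator could run over an inventory of deployed instances. This is an added example, not part of the original report and not Atlassian's code; the function names and the sample hostnames and versions are constructed for illustration.

```python
import re

# Boundaries taken from the CVE description on this page:
# affected before 8.5.8, and from 8.6.0 before 8.11.1.
FIXED_8_5_LINE = (8, 5, 8)
SECOND_RANGE_START = (8, 6, 0)
FIXED_8_11_LINE = (8, 11, 1)


def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of three ints.

    Anything else (build qualifiers, empty strings) raises ValueError so
    that it is reviewed by hand instead of being silently classified.
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if the version falls in either affected range of CVE-2020-14179."""
    v = parse_version(version)
    return v < FIXED_8_5_LINE or SECOND_RANGE_START <= v < FIXED_8_11_LINE


def triage(inventory):
    """Map each host in {host: version} to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # fail closed: needs manual review
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "jira-a.example.internal": "8.5.7",
        "jira-b.example.internal": "8.5.8",
        "jira-c.example.internal": "8.11.0",
        "jira-d.example.internal": "8.13.0",
        "jira-e.example.internal": "8.x-custom",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```
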
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Information Disclosure