CVE-2019-14997Use of Cache Containing Sensitive Information in Atlassian Jira

CWE-524Use of Cache Containing Sensitive Information3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 57.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian JiraAtlassian Jira Server
Timeline
PublishedSep 11
Latest updateMay 24

Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5atlassian/jiraunspecified8.4.0
NVDatlassian/jira_server7.13.08.4.0

🔴Vulnerability Details

2
GHSA
GHSA-3cvq-p878-rmp8: The AccessLogFilter class in Jira before version 82022-05-24
CVEList
CVE-2019-14997: The AccessLogFilter class in Jira before version 82019-09-11
CVE-2019-14997 — Atlassian Jira vulnerability | cvebase