CVE-2019-20403Sensitive Information Exposure in Atlassian Jira Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 36.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Jira ServerAtlassian Jira Data Center
Timeline
PublishedFeb 6
Latest updateMay 24

Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDatlassian/jira_data_center7.13.08.5.5
CVEListV5atlassian/jira_serverunspecified8.6.0

🔴Vulnerability Details

2
GHSA
GHSA-gw9f-7gjm-4824: The API in Atlassian Jira Server and Data Center before version 82022-05-24
CVEList
CVE-2019-20403: The API in Atlassian Jira Server and Data Center before version 82020-02-06
CVE-2019-20403 — Sensitive Information Exposure | cvebase