CVE-2019-20410 — Sensitive Information Exposure in Atlassian Jira Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Server Atlassian Jira Atlassian Jira Data Center +1 more

Timeline

PublishedJun 29

Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDatlassian/jira_data_center7.7.0 — 7.13.9+1

▶NVDatlassian/jira_software_data_center< 7.6.17

▶CVEListV5atlassian/jira_serverunspecified — 7.6.17+4

▶NVDatlassian/jira_server7.7.0 — 7.13.9+1

▶NVDatlassian/jira< 7.6.17

🔴Vulnerability Details

GHSA

GHSA-x36q-hfg7-f4qc: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerab↗2022-05-24

▶

CVEList

CVE-2019-20410: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerab↗2020-06-29

▶