cbcvebase.
CVE-2019-20899
published 2020-07-13

CVE-2019-20899: The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a…

medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

Affected

9 ranges
VendorProductVersion rangeFixed in
atlassianjira< 8.5.48.5.4
atlassianjira_data_center>= 8.5.5 < 8.6.18.6.1
atlassianjira_data_center>= 8.6.2 < 8.7.08.7.0
atlassianjira_server>= 8.5.5 < 8.6.18.6.1
atlassianjira_server>= 8.6.0 < unspecifiedunspecified
atlassianjira_server>= 8.6.2 < 8.7.08.7.0
atlassianjira_server>= unspecified < 8.5.48.5.4
atlassianjira_server>= unspecified < 8.6.18.6.1
atlassianjira_software_data_center< 8.5.48.5.4