CVE-2019-20899

3 documents, 3 sources
Severity: 5.3 MEDIUM
EPSS: 0.5% (top 34.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 13 | Latest update May 24

Description

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

NVD | atlassian/jira_data_center | 8.5.5 | 8.6.1 | +1
CVEListV5 | atlassian/jira_server | unspecified | 8.5.4 | +2
NVD | atlassian/jira_server | 8.5.5 | 8.6.1 | +1
NVD | atlassian/jira | < 8.5.4

Vulnerability Details (2)

GHSA
GHSA-6p5p-qf85-v9pw: The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests t | 2022-05-24
CVEList
CVE-2019-20899: The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests t | 2020-07-13
CVE-2019-20899 (MEDIUM CVSS 5.3) | The Gadget API in Atlassian Jira Se | cvebase.io