CVE-2020-14168
published 2020-07-01CVE-2020-14168: The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | < 7.13.14 | 7.13.14 |
| atlassian | jira_data_center | >= 8.5.0 < 8.5.5 | 8.5.5 |
| atlassian | jira_data_center | >= 8.8.0 < 8.8.2 | 8.8.2 |
| atlassian | jira_data_center | >= 8.9.0 < 8.9.1 | 8.9.1 |
| atlassian | jira_server | >= 8.5.0 < 8.5.5 | 8.5.5 |
| atlassian | jira_server | >= 8.8.0 < 8.8.2 | 8.8.2 |
| atlassian | jira_server | >= 8.9.0 < 8.9.1 | 8.9.1 |
| atlassian | jira_server_and_data_center | >= 8.5.0 < unspecified | unspecified |
| atlassian | jira_server_and_data_center | >= 8.8.0 < unspecified | unspecified |
| atlassian | jira_server_and_data_center | >= 8.9.0 < unspecified | unspecified |
| atlassian | jira_server_and_data_center | >= unspecified < 7.13.16 | 7.13.16 |
| atlassian | jira_server_and_data_center | >= unspecified < 8.5.7 | 8.5.7 |
| atlassian | jira_server_and_data_center | >= unspecified < 8.8.2 | 8.8.2 |
| atlassian | jira_server_and_data_center | >= unspecified < 8.9.1 | 8.9.1 |
| atlassian | jira_software_data_center | < 7.13.14 | 7.13.14 |