CVE-2020-14179
published 2020-09-21


Priority: P2 · 61 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 76.04% (99.5th percentile)

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_data_center | < 8.5.8 | 8.5.8 |
| atlassian | jira_data_center | >= 8.6.0 < 8.11.1 | 8.11.1 |
| atlassian | jira_server | < 8.5.8 | 8.5.8 |
| atlassian | jira_server | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.6.0 < 8.11.1 | 8.11.1 |
| atlassian | jira_server | >= unspecified < 8.5.8 | 8.5.8 |
| atlassian | jira_server | >= unspecified < 8.11.1 | 8.11.1 |

Detection & IOCs (extracted from sources)

path: /secure/QueryComponent!Default.jspa
path: /rest/menu/latest/admin
path: /rest/api/2/projectCategory
path: /rest/api/2/resolution
yara
words: '{"searchers":' AND '"groups":' AND '"id":"customfield'
  • Send an unauthenticated HTTP GET request to /secure/QueryComponent!Default.jspa and match the response body for the JSON keys '{"searchers":', '"groups":', and '"id":"customfield' with HTTP 200 status to confirm exploitation.
  • Shodan queries 'http.component:"Atlassian Jira"' and 'http.component:"atlassian jira"' can be used to identify exposed Jira instances for targeted scanning.
  • Unauthenticated GET requests to /rest/api/2/projectCategory?maxResults=1000, /rest/menu/latest/admin?maxResults=1000, and /rest/api/2/resolution?maxResults=1000 also expose sensitive data on vulnerable Jira instances.
  • The vulnerability affects Jira Server and Data Center versions before 8.5.8 and from 8.6.0 before 8.11.1; instances outside this range are not vulnerable via this CVE.
  • Anonymous access to /rest/menu/latest/admin has no feature flag to disable it on Jira 8.x; only upgrading to Jira 9.0 restricts it.

CVSS provenance

nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N