Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-14179 — Sensitive Information Exposure in Atlassian Jira Server
Severity
5.3MEDIUMNVD
EPSS
92.6%
top 0.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedSep 21
Latest updateDec 18
Description
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages3 packages
🔴Vulnerability Details
2GHSA▶
GHSA-25wr-cfxr-69vm: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via↗2022-05-24
CVEList▶
CVE-2020-14179: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via↗2020-09-21
💥Exploits & PoCs
1Nuclei▶
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure