CVE-2020-14179
published 2020-09-21CVE-2020-14179: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an…
PriorityP261medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
76.04%
99.5th percentile
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_data_center | < 8.5.8 | 8.5.8 |
| atlassian | jira_data_center | >= 8.6.0 < 8.11.1 | 8.11.1 |
| atlassian | jira_server | < 8.5.8 | 8.5.8 |
| atlassian | jira_server | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.6.0 < 8.11.1 | 8.11.1 |
| atlassian | jira_server | >= unspecified < 8.5.8 | 8.5.8 |
| atlassian | jira_server | >= unspecified < 8.11.1 | 8.11.1 |
Detection & IOCsextracted from sources · hover to see the quote
yara
words: '{"searchers":' AND '"groups":' AND '"id":"customfield'- →Send an unauthenticated HTTP GET request to /secure/QueryComponent!Default.jspa and match the response body for the JSON keys '{"searchers":', '"groups":', and '"id":"customfield' with HTTP 200 status to confirm exploitation. ↗
- →Shodan queries 'http.component:"Atlassian Jira"' and 'http.component:"atlassian jira"' can be used to identify exposed Jira instances for targeted scanning.
- →Unauthenticated GET requests to /rest/api/2/projectCategory?maxResults=1000, /rest/menu/latest/admin?maxResults=1000, and /rest/api/2/resolution?maxResults=1000 also expose sensitive data on vulnerable Jira instances. ↗
- ·The vulnerability affects Jira Server and Data Center versions before 8.5.8 and from 8.6.0 before 8.11.1; instances outside this range are not vulnerable via this CVE. ↗
- ·Anonymous access to /rest/menu/latest/admin has no feature flag to disable it on Jira 8.x; only upgrading to Jira 9.0 restricts it. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
nuclei·CVSS 5.3
CVE-2020-14179 [MEDIUM] Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.
Template:
id: CVE-2020-14179
info:
name: Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
author: x1m_martijn
severity: medium
description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.
impact: |
An attacker can exploit this vulnerability to gain access to sens
HackerOne
Sensitive data exposure via /secure/███████ endpoint on ████████
hackerone·2024-12-18·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via /secure/███████ endpoint on ████████
Sensitive data exposure via /secure/███████ endpoint on ████████
**Description:**
Hi,
While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc.
## References
https://jira.atlassian.com/browse/JRASERVER-71536
https://www.cvedetails.com/cve/CVE-2020-14179
## Impact
It allows unauthenticated attackers like me to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/████████ endpoint.
## System Host(s)
████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
1. Open browser
2. Hit endpoint * /jira/secur
HackerOne
[███████] Information disclosure due unauthenticated access to APIs and system browser functions
hackerone·2023-11-03·CVSS 5.3
[MEDIUM] [███████] Information disclosure due unauthenticated access to APIs and system browser functions
[███████] Information disclosure due unauthenticated access to APIs and system browser functions
**Description:**
Multiple information exposure vulnerabilites were identified in a Jira Server instance (unauthenticated access to APIs and system browser functions). This report describes a combination of two separate vulnerabilities in two separate services This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. the vulnerable registered as references JRASERVER-73060
## References
https://jira.atlassian.com/browse/JRASERVER-73060
https://nvd.nist.gov/vuln/detail/CVE-2020-14179
## Impact
Unauthorised access and the data should not be visible.
Project categories, resolutions, and usernames are listed even if the
HackerOne
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
hackerone·2023-01-27·CVSS 5.3
[MEDIUM] [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
**Description:**
Multiple information exposure vulnerabilites were identified in a Jira Server instance (unauthenticated access to APIs and system browser functions). This report describes a combination of two separate vulnerabilities in two separate services This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. the vulnerable registered as references [JRASERVER-73060](https://jira.atlassian.com/browse/JRASERVER-73060)
## References
https://jira.atlassian.com/browse/JRASERVER-73060
https://nvd.nist.gov/vuln/detail/CVE-2020-14179
## Impact
Unauthorised access and the data should not be visible.
Project ca
HackerOne
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
hackerone·2022-04-29·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
**Description:**
Hi,
While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc.
## References
https://jira.atlassian.com/browse/JRASERVER-71536
https://www.cvedetails.com/cve/CVE-2020-14179
## Impact
It allows unauthenticated attackers like me to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
## System Host(s)
███
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
1. Ope
HackerOne
Information disclosure at '████████' --- CVE-2020-14179
hackerone·2021-09-29·CVSS 5.3
CVE-2020-14179 [MEDIUM] Information disclosure at '████████' --- CVE-2020-14179
Information disclosure at '████████' --- CVE-2020-14179
Research conducted on __████████__ indicates that the Atlassian Jira Server and Data Center instance allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the ```/secure/QueryComponent!Default.jspa``` endpoint ([CVE-2020-14179]()).
## The domain _███_ interpreted as in-scope
The domain __████████__ is interpreted as in-scope of the [DoD VDP](), based on the following findings:
1. The acronym "████: .
2. The link to __█████████__ is included in the navigation menu displayed by a [Confluence instance that belongs to the█████ "████████"]():
███
\[ __Note__ \] If this interpretation is incorrect, I would very much appreciate an opportunity to self-clo
HackerOne
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
hackerone·2021-09-09·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
## Impact
https://jira.atlassian.com/browse/JRASERVER-71536
https://hackerone.com/reports/1003980
## System Host(s)
████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
Step-by-step Reproduction Instructions
URL:https://██████/jira//secure/QueryComponent!Default.jspa
## Suggested Mitigation/Remediation Actions
HackerOne
CVE 2020 14179 on jira instance
hackerone·2021-02-18
[MEDIUM] CVE 2020 14179 on jira instance
CVE 2020 14179 on jira instance
**Summary:**
An remote attacker can view the custom sla fields used in the jira instance and also can use the sla fields to make a jql query.
## Impact
Information disclosure of the custom sla fields, senstive information leakage throught he jql query parameter
Read more about the impact here:
https://jira.atlassian.com/browse/JRASERVER-71536
## Step-by-step Reproduction Instructions
Copy the url mentioned below and paste it over the browser to see the name of the sla fields.
https://███████.mil/jira/secure/QueryComponent!Default.jspa
Use this url to check the execution of jql query.
https://███.mil/jira/secure/QueryComponent!Jql.jspa?jql=reporter=███████
## Product, Version, and Configuration (If applicable)
## Suggested Mitigation/Remediation Actio
HackerOne
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
hackerone·2021-01-12·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
##Summary:
Information Disclosure vulnerability in outdated Jira.
##Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
Step-by-step Reproduction Instructions
Visit URL: https://████████/secure/QueryComponent!Default.jspa to view exposed information in any web browser.
##Product, Version, and Configuration
The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Suggested Mitigation/Remediation Actions
Update affected Jira version according to vendor instructio
HackerOne
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179
hackerone·2021-01-12·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179
##Summary:
Information Disclosure vulnerability in outdated Jira.
##Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
## Step-by-step Reproduction Instructions
1.Go to
https://███/secure/QueryComponent!Default.jspa to view exposed information in any web browser.
## Product, Version, and Configuration
The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
## Suggested Mitigation/Remediation Actions
Update affected Jira version according to vendor instr
HackerOne
CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure
hackerone·2020-11-20·CVSS 5.3
CVE-2020-14179 [MEDIUM] CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure
CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure
Hello theendlessweb team,
## Summary:
the Jira instance on jira.theendlessweb.com is vulnerable to CVE-2020-14179 which allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability
{F1029731}
## Steps To Reproduce:
Navigate to https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa
## Supporting Material/References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14179
##Remediation
Upgrading your jira instance to the most up-to-date one.
##Best Regards,
nagli.
## Impact
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view
HackerOne
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179
hackerone·2020-10-16·CVSS 5.3
CVE-2020-14179 [MEDIUM] Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179
**Summary:**
Information Disclosure vulnerability in outdated Jira.
**Description:**
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
Additional details from [Atlassian][1] and related [CVE-2020-14179][2]
Screenshot: ██████████
JSON output of exposed information: █████
## Step-by-step Reproduction Instructions
1. Visit URL: https://█████████.mil/secure/QueryComponent!Default.jspa to view exposed information in any web browser.
## Product, Version, and Configuration (If applicable)
The affected
Recorded Future
Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
blogs_recorded_future·CVSS 9.6
[CRITICAL] Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
## Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from d
Recorded Future
Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
blogs_recorded_future·CVSS 9.6
[CRITICAL] Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
# Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from di
2020-09-21
Published