CVE-2020-14180 — Sensitive Information Exposure in Atlassian Jira Service Desk Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Service Desk Server Atlassian Jira Service Desk

Timeline

PublishedSep 21

Latest updateMay 24

Description

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5atlassian/jira_service_desk_serverunspecified — 4.12.0

▶NVDatlassian/jira_service_desk< 4.12.0

🔴Vulnerability Details

GHSA

GHSA-2mx8-3jpw-29fq: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Proje↗2022-05-24

▶

CVEList

CVE-2020-14180: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Proje↗2020-09-21

▶