Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-14181Sensitive Information Exposure in Atlassian Jira Server

CWE-200Sensitive Information Exposure6 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
93.0%
top 0.22%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Atlassian Jira ServerAtlassian Data CenterAtlassian Jira
Timeline
PublishedSep 17
Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5atlassian/jira_serverunspecified7.13.6+4
NVDatlassian/data_center8.0.08.5.7+2
NVDatlassian/jira_server8.0.08.5.7+1
NVDatlassian/jira< 7.13.6

🔴Vulnerability Details

2
GHSA
GHSA-hpxx-cq4g-w5wr: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerabilit2022-05-24
CVEList
CVE-2020-14181: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerabilit2020-09-17

💥Exploits & PoCs

2
Exploit-DB
Atlassian JIRA 8.11.1 - User Enumeration2021-03-10
Nuclei
Jira Server and Data Center - Information Disclosure

🔍Detection Rules

1
Suricata
ET EXPLOIT Possible Jira User Enumeration Attempts (CVE-2020-14181)2020-10-21
CVE-2020-14181 — Sensitive Information Exposure | cvebase