CVE-2020-14192

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 58.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crucible Atlassian Fisheye

Timeline

PublishedFeb 2

Latest updateMay 24

Description

Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/fisheyeunspecified — 4.8.4

▶NVDatlassian/fisheye< 4.8.4

▶CVEListV5atlassian/crucibleunspecified — 4.8.4

▶NVDatlassian/crucible< 4.8.4

🔴Vulnerability Details

GHSA

GHSA-rqwp-hg2g-ffp2: Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the↗2022-05-24

▶

CVEList

CVE-2020-14192: Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the↗2021-02-01

▶