The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-70569 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Mar 2022, 13:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Data Center
|
25 Mar 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
Information
Published : 2020-02-06 03:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-20404
Mitre link : CVE-2019-20404
CVE.ORG link : CVE-2019-20404
JSON object : View
Products Affected
atlassian
- jira_server
- jira_data_center
CWE