CVE-2019-20410

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-70884 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
History

30 Mar 2022, 13:16

Type Values Removed Values Added
First Time Atlassian jira Data Center
CPE cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

25 Mar 2022, 17:22

Type Values Removed Values Added
CWE CWE-200 NVD-CWE-noinfo
First Time Atlassian jira Server
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Information

Published : 2020-06-29 06:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-20410

Mitre link : CVE-2019-20410

CVE.ORG link : CVE-2019-20410

JSON object : View

Products Affected

atlassian

  • jira_data_center
  • jira_software_data_center
  • jira
  • jira_server
CWE
NVD-CWE-noinfo