CVE-2020-14179
21.09.2020, 01:15
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| atlassian | jira_data_center | 𝑥 < 8.5.8 |
| atlassian | jira_data_center | 8.6.0 ≤ 𝑥 < 8.11.1 |
| atlassian | jira_server | 𝑥 < 8.5.8 |
| atlassian | jira_server | 8.6.0 ≤ 𝑥 < 8.11.1 |
𝑥
= Vulnerable software versions