Open redirect in Jira Software - CVE-2019-20417

 

Open redirect in Jira Software - CVE-2019-20417

Published: July 2, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30151
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-20417
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Atlassian
Affected software:
Jira Software

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2.


How to mitigate CVE-2019-20417

Install update from vendor's website.

Sources