Open redirect in Jira Software - CVE-2019-20417

 

Published: July 2, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30151
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-20417
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Jira Software
Software vendor:
Atlassian

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2.


Remediation

Install the update from the vendor's website.

External links