Information disclosure in Jira Software - CVE-2020-14168


Published: July 1, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30152
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-14168
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Jira Software
Software vendor: Atlassian

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via a man-in-the-middle (MITM) vulnerability.


Remediation

Install the update from the vendor's website.

External links