Information disclosure in Jira Software - CVE-2019-20410

 

Information disclosure in Jira Software - CVE-2019-20410

Published: June 29, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30161
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20410
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Atlassian
Affected software:
Jira Software

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.


How to mitigate CVE-2019-20410

Install update from vendor's website.

Sources