Main Vulnerability Database Vulnerabilities #VU30161

Information disclosure in Jira Software - CVE-2019-20410

Published: June 29, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30161

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20410

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Jira Software

Software vendor:
Atlassian

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.

Remediation

Install update from vendor's website.

External links

https://jira.atlassian.com/browse/JRASERVER-70884

Information disclosure in Jira Software - CVE-2019-20410

Description

Remediation

External links

Please verify you're human