Information disclosure in Jira Software - CVE-2019-20898

 

Information disclosure in Jira Software - CVE-2019-20898

Published: July 13, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34156
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20898
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Atlassian
Affected software:
Jira Software

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.


How to mitigate CVE-2019-20898

Install update from vendor's website.

Sources