Input validation error in Jira Software - CVE-2020-14167

 


Published: July 1, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34184
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-14167
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Jira Software
Software vendor: Atlassian

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability.


Remediation

Install the update from the vendor's website.
