Input validation error in Jira Software - CVE-2020-4028

 

Published: June 23, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34201
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-4028
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Atlassian
Affected software: Jira Software

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In versions before 8.9.1, various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page. In some situations this may have allowed unauthorised attackers to determine whether certain resources exist, which is an information disclosure vulnerability.


How to mitigate CVE-2020-4028

Install the update from the vendor's website.
