Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassian[email protected]JRASERVER-71560
HistorySep 16, 2020 - 3:13 a.m.

User Enumeration via /ViewUserHover.jspa - CVE-2020-14181

2020-09-1603:13:06
[email protected]
jira.atlassian.com
16

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.965 High

EPSS

Percentile

99.6%

JSON

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint.

This vulnerability was discovered byย Mikhail Klyuchnikov ofย Positive Technologies.

Affected versions:

  • version < 7.13.16
  • 8.0.0 โ‰ค version < 8.5.7
  • 8.6.0 โ‰ค version < 8.12.0

Fixed versions:

  • 7.13.16
  • 8.5.7
  • 8.12.0

Affected configurations

Vulners
Node
atlassianjira_data_centerRangeโ‰ค5.0
OR
atlassianjira_data_centerRange<8.12.0
OR
atlassianjira_data_centerRange<7.13.16
OR
atlassianjira_data_centerRange<8.5.7

Related

atlassian 3
cvelist 1
nvd 1
nuclei 1
zdt 1
packetstorm 1
cve 1
attackerkb 1
checkpoint_advisories 1
prion 1
nessus 1
exploitdb 1
githubexploit 2
rapid7blog 1
wallarmlab 1
atlassian
atlassian
User Enumeration via /ViewUserHover.jspa - CVE-2020-14181
2020-09-16 03:13:06
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
2020-09-10 04:31:31
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
2020-09-10 04:31:31
cvelist
cvelist
CVE-2020-14181
2020-09-16 00:00:00
nvd
nvd
CVE-2020-14181
2020-09-17 01:15:11
nuclei
nuclei
Jira Server and Data Center - Information Disclosure
2020-09-30 20:36:12
zdt
zdt
Atlassian JIRA 8.11.1 - User Enumeration Exploit
2021-03-10 00:00:00
packetstorm
packetstorm
Atlassian JIRA 8.11.1 User Enumeration
2021-03-10 00:00:00
cve
cve
CVE-2020-14181
2020-09-17 01:15:11
attackerkb
attackerkb
CVE-2020-14181
2020-09-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Atlassian Jira Server Information Disclosure (CVE-2020-14181)
2020-11-05 00:00:00
prion
prion
Information disclosure
2020-09-17 01:15:00
nessus
nessus
Atlassian Jira < 7.13.16 / 8.x < 8.5.7 / 8.6.x < 8.12.0 User Enumeration (JRASERVER-71560)
2020-09-24 00:00:00
exploitdb
exploitdb
Atlassian JIRA 8.11.1 - User Enumeration
2021-03-10 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Atlassian Data Center
2020-10-26 17:07:28
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Atlassian Data Center
2021-02-05 07:48:19
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-09-17 19:59:18
wallarmlab
wallarmlab
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
2021-03-16 18:22:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.965 High

EPSS

Percentile

99.6%

JSON
Related for JRASERVER-71560
atlassian3cvelist1nvd1nuclei1zdt1packetstorm1cve1attackerkb1checkpoint_advisories1prion1nessus1exploitdb1githubexploit2rapid7blog1wallarmlab1