Lucene search

AtlassianCVELIST:CVE-2020-14180

HistorySep 21, 2020 - 12:55 a.m.

CVE-2020-14180

2020-09-2100:55:12

atlassian

www.cve.org

cve-2020-14180

atlassian jira

information disclosure

remote attack

project request-types

data center

server

authentication

non-administrator

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.

CNA Affected

[
  {
    "product": "Jira Service Desk Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.12.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/JSDSERVER-6917