U.S. Dept Of Defense: Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179

Summary:
Information Disclosure vulnerability in outdated Jira.

Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
Additional details from Atlassian and related CVE-2020-14179

Screenshot: ██████████
JSON output of exposed information: █████

Step-by-step Reproduction Instructions

1. Visit URL: https://█████████.mil/secure/QueryComponent!Default.jspa to view exposed information in any web browser.

Product, Version, and Configuration (If applicable)

The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Your currently instilled version is 8.11.0 which is displayed in page source - screenshot █████████

Suggested Mitigation/Remediation Actions

Update affected Jira version according to vendor instructions.

Thank you.

Impact

Unauthenticated attackers to view custom Jira field names and custom SLA names.