Jira Cloud - JRACLOUD-75661

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179


Details

Description

Issue Summary

Jira Cloud allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.

Steps to Reproduce

1. Access the Jira Cloud URL https://hostname.atlassian.net/secure/QueryComponent!Default.jspa as an anonymous user, without logging in.

Expected Results

The endpoint should not expose custom field names or custom SLA names to unauthenticated users.

Actual Results

It shows custom field names and custom SLA names.

Update

We have tested this issue in Jira Cloud and have found that the issue described in the ticket is not reproducible. If an unauthorised user tries to access the URL, the user can see default Jira fields, which are the same for any instance, not custom fields. Thus no sensitive information gets exposed, and we have closed this ticket.

People

Assignee: Unassigned
Reporter: vvisanakarrala Veera (Inactive)