[%22Vendor] DoS through Jira Gadget API - CVE-2019-20899 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.7.0, 8.6.1, 8.5.4
Affects Version/s: 7.6.0, 7.13.0, 7.6.15, 8.5.0, 7.13.12, 8.5.3
Component/s: Dashboard & Gadgets
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API.

Affected versions:

version < 8.5.4
8.6.0

Fixed versions:

This is fixed in versions 8.5.4, 8.6.1 and 8.7.0.

Form Name

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 23/Mar/2020 1:50 AM

Updated:: 30/Jul/2020 10:14 AM

Resolved:: 23/Mar/2020 2:19 AM

Details

Description

Attachments

Forms

Activity

[JRASERVER-70808] DoS through Jira Gadget API - CVE-2019-20899

People

Dates