Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-70884

Information Disclosure in comment restriction feature - CVE-2019-20410

XMLWordPrintable

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature.

      Affected versions:

      • version < 7.6.17
      • 7.7.0 ≤ version < 7.13.9
      • 8.0.0 ≤ version < 8.4.2

      Fixed versions:

      • 7.6.17
      • 7.13.9
      • 8.4.2
      • 8.5.0

            [JRASERVER-70884] Information Disclosure in comment restriction feature - CVE-2019-20410

            David Black made changes -
            Labels Original: CVE-2019-20410 advisory advisory-to-release cvss-medium er85 information-disclosure monsters pse-request security warranty New: CVE-2019-20410 advisory advisory-released cvss-medium er85 information-disclosure monsters pse-request security warranty
            AB made changes -
            Labels Original: CVE-2019-20410 advisory advisory-to-release cve-in-progress cvss-medium er85 information-disclosure monsters pse-request security warranty New: CVE-2019-20410 advisory advisory-to-release cvss-medium er85 information-disclosure monsters pse-request security warranty
            David Black made changes -
            Summary Original: Information Disclosure in comment restriction feature New: Information Disclosure in comment restriction feature - CVE-2019-20410
            David Black made changes -
            Labels Original: advisory advisory-to-release cve-in-progress cvss-medium er85 information-disclosure monsters pse-request security warranty New: CVE-2019-20410 advisory advisory-to-release cve-in-progress cvss-medium er85 information-disclosure monsters pse-request security warranty
            AB made changes -
            Labels Original: advisory advisory-to-release cvss-medium er85 information-disclosure monsters pse-request security warranty New: advisory advisory-to-release cve-in-progress cvss-medium er85 information-disclosure monsters pse-request security warranty
            set-jac-bot made changes -
            Fixed in Enterprise Release/s New: [Download 7.13, 7.6, 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]
            Bugfix Automation Bot made changes -
            Introduced in Version New: 7.13
            AB made changes -
            Summary Original: Sanitised security issue 3d81c5b4795404435ed75f45398ecc1ceaf2639b9b1876ec04b5a2867a393a41 New: Information Disclosure in comment restriction feature
            AB made changes -
            Security Original: Atlassian Staff [ 10750 ]
            AB made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: