[JRASERVER-71197] Denial of service in Dashboard & Gadgets - CVE-2020-14167 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 7.13.14, 8.5.5, 8.8.2, 8.10.0, 8.9.1
Affects Version/s: 7.6.15, 8.5.4, 7.13.13, 8.8.1
Component/s: Dashboard & Gadgets
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
7.06
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in Dashboard & Gadgets.

Affected versions:

version < 7.13.14
8.5.0 ≤ version < 8.5.5
8.8.0 ≤ version < 8.8.2
8.9.0 ≤ version < 8.9.1

Fixed versions:

7.13.14
8.5.5
8.8.2
8.9.1
8.10.0

mentioned in: Page Failed to load; Page Failed to load

Mark Lang made changes - 13/Oct/2020 1:45 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 509305 ]

Mark Lang made changes - 20/Aug/2020 3:30 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 500451 ]

alexmin (Inactive) made changes - 01/Jul/2020 12:41 AM

Labels

Original: CVE-2020-14167 advisory advisory-to-release bugbounty cvss-high denial-of-service dos monsters security

New: CVE-2020-14167 advisory advisory-released bugbounty cvss-high denial-of-service dos monsters security

alexmin (Inactive) made changes - 01/Jul/2020 12:41 AM

Security

Original: Atlassian Staff [ 10750 ]

alexmin (Inactive) made changes - 19/Jun/2020 12:54 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Needs Triage [ 10030 ]	New: Closed [ 6 ]

alexmin (Inactive) made changes - 19/Jun/2020 12:53 AM

Summary

Original: Denial of service in Dashboard & Gadgets - CVE-PENDING

New: Denial of service in Dashboard & Gadgets - CVE-2020-14167

alexmin (Inactive) made changes - 19/Jun/2020 12:53 AM

Labels

Original: advisory advisory-to-release bugbounty cvss-high denial-of-service dos monsters security

New: CVE-2020-14167 advisory advisory-to-release bugbounty cvss-high denial-of-service dos monsters security

alexmin (Inactive) made changes - 19/Jun/2020 12:22 AM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in Dashboard & Gadgets.

*Affected versions:*
* version < 7.13.14
* 7.14.0 ≤ version < 8.5.5
* 8.6.0 ≤ version < 8.8.2
* 8.9.0 ≤ version < 8.9.1

*Fixed versions:*
* 7.13.14
* 8.5.5
* 8.8.2
* 8.9.1
* 8.10.0

New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in Dashboard & Gadgets.

*Affected versions:*
* version < 7.13.14
* 8.5.0 ≤ version < 8.5.5
* 8.8.0 ≤ version < 8.8.2
* 8.9.0 ≤ version < 8.9.1

*Fixed versions:*
* 7.13.14
* 8.5.5
* 8.8.2
* 8.9.1
* 8.10.0

Andriy Yakovlev [Atlassian] made changes - 18/Jun/2020 12:11 PM

Labels

Original: advisory advisory-to-release bugbounty cvss-high denial-of-service dos lts813 monsters security

New: advisory advisory-to-release bugbounty cvss-high denial-of-service dos monsters security

Andriy Yakovlev [Atlassian] made changes - 18/Jun/2020 12:10 PM

Labels

Original: advisory advisory-to-release bugbounty cvss-high denial-of-service dos monsters security

New: advisory advisory-to-release bugbounty cvss-high denial-of-service dos lts813 monsters security

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 18/Jun/2020 2:44 AM

Updated:: 08/Mar/2021 3:48 PM

Resolved:: 19/Jun/2020 12:54 AM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JRASERVER-71197] Denial of service in Dashboard & Gadgets - CVE-2020-14167

People

Dates