[JRASERVER-71198] Man-in-the-middle in Jira email client - CVE-2020-14168 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.8.2, 8.10.0, 8.9.1, 7.13.16, 8.5.7
Affects Version/s: 8.7.1
Component/s: Administration - Others
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
8.07
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The email client in Jira Server and Data Center allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability

Affected versions:

version < 7.13.14
8.5.0 ≤ version < 8.5.5
8.8.0 ≤ version < 8.8.2
8.9.0 ≤ version < 8.9.1

Fixed versions:

7.13.16
8.5.7
8.8.2
8.9.1
8.10.0

mentioned in: Page Failed to load; Page Failed to load

Security Metrics Bot added a comment - 18/Jun/2020 2:44 AM

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 5.3 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Security Metrics Bot added a comment - 18/Jun/2020 2:44 AM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 5.3 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 6 Start watching this issue

Created:: 18/Jun/2020 2:44 AM

Updated:: 16/Aug/2022 8:43 AM

Resolved:: 19/Jun/2020 12:54 AM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JRASERVER-71198] Man-in-the-middle in Jira email client - CVE-2020-14168

Collapse comment: Security Metrics Bot added a comment - 18/Jun/2020 2:44 AM

Expand comment: Security Metrics Bot added a comment - 18/Jun/2020 2:44 AM

People

Dates