-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
7.13.9, 8.8.0, 8.8.1
-
7.13
-
Severity 3 - Minor
-
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint.
Affected versions:
- version < 7.13.17
- 7.14.0 ≤ version < 8.5.8
- 8.6.0 ≤ version < 8.12.0
Fixed versions:
- 7.13.17
- 8.5.8
- 8.12.0
- 8.13.0
[JRASERVER-71498] Project enumeration through /browse.PROJECTKEY - CVE-2020-14178
| Link | New: This issue was cloned as JRASERVER-74532 [ JRASERVER-74532 ] |
| Labels | Original: advisory advisory-to-release cve-2020-14178 cvss-medium info_leak infoleak information-disclosure information-leak resolved-in-vf security security-imported | New: advisory advisory-released cve-2020-14178 cvss-medium info_leak infoleak information-disclosure information-leak resolved-in-vf security security-imported |
| Labels | Original: advisory advisory-to-release cve-2020-14178 cvss-medium info_leak infoleak information-disclosure information-leak security security-imported | New: advisory advisory-to-release cve-2020-14178 cvss-medium info_leak infoleak information-disclosure information-leak resolved-in-vf security security-imported |
| Remote Link | New: This issue links to "Page (Confluence)" [ 507029 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 504916 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 503785 ] |
| Security | Original: Atlassian Staff [ 10750 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |
| Summary | Original: Project enumeration through /browse.PROJECTKEY - CVE-PENDING | New: Project enumeration through /browse.PROJECTKEY - CVE-2020-14178 |
| Labels | Original: advisory advisory-to-release cve-in-progress cvss-medium info_leak infoleak information-disclosure information-leak security security-imported | New: advisory advisory-to-release cve-2020-14178 cvss-medium info_leak infoleak information-disclosure information-leak security security-imported |