
SEN disclosure via HTTP Response headers - CVE-2020-14183

      Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

      Affected versions:

      • version < 7.13.18
      • 8.0.0 ≤ version < 8.5.9
      • 8.6.0 ≤ version < 8.12.1

      Fixed versions:

      • 7.13.18
      • 8.5.9
      • 8.12.1
      • 8.13.0
      • 8.14.0
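The version ranges above, turned into a triage check for an inventory of Jira instances. This is an added example, not Atlassian's code; the host names and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges transcribed from the advisory above:
# (inclusive lower bound or None, first fixed version on that line).
AFFECTED_RANGES = [
    (None, (7, 13, 18)),       # version < 7.13.18
    ((8, 0, 0), (8, 5, 9)),    # 8.0.0 <= version < 8.5.9
    ((8, 6, 0), (8, 12, 1)),   # 8.6.0 <= version < 8.12.1
]

def parse_version(text):
    """Turn '8.5.3' or '8.5' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text):
    """Return (affected, fixed_version), fixed_version being the upgrade
    target for that release line, or None when the version is not affected."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or v >= low) and v < fixed:
            return True, ".".join(map(str, fixed))
    return False, None

def triage_inventory(inventory):
    """Map each host to its triage result; unparseable versions are
    reported as 'unknown' so they get a manual look instead of a pass."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = ("unknown", None)
    return report

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = {
    "jira-prod.example.internal": "8.5.8",
    "jira-test.example.internal": "8.13.0",
    "jira-legacy.example.internal": "7.6",
    "jira-lab.example.internal": "8.x-custom",
}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(host, result)
```

Versions that do not parse as plain `major.minor[.patch]` are reported as unknown rather than treated as safe.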

            [JRASERVER-71646] SEN disclosure via HTTP Response headers - CVE-2020-14183

            AB added a comment - - edited

            This is the base CVSS score. You may need to re-evaluate the impact of this vulnerability in your own IT environment.

            CVSS v3 score: 4.3 => Medium severity

            Exploitability Metrics

            • Attack Vector: Network
            • Attack Complexity: Low
            • Privileges Required: Low
            • User Interaction: None

            Scope Metric

            • Scope: Unchanged

            Impact Metrics

            • Confidentiality: Low
            • Integrity: None
            • Availability: None

             


              b06b06291de3 Jerzy Jedrzejaszek (Inactive)
              mandreacchio Michael Andreacchio