[JRASERVER-71646] SEN disclosure via HTTP Response headers - CVE-2020-14183 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 6.4.1
Fix Version/s: 8.12.1, 8.13.0, 7.13.18, 8.5.9, 8.14.0
Component/s: None
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
6.04
CVSS Score:
4.3
Support reference count:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

Affected versions:

version < 7.13.18
8.0.0 ≤ version < 8.5.9
8.6.0 ≤ version < 8.12.1

Fixed versions:

7.13.18
8.5.9
8.12.1
8.13.0
8.14.0

Attachments

Activity

People

Assignee:: Jerzy Jedrzejaszek (Inactive)

Reporter:: Michael Andreacchio

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Oct/2020 8:20 PM

Updated:: 28/Oct/2020 5:45 PM

Resolved:: 08/Oct/2020 6:58 AM