[JRASERVER-71646] SEN disclosure via HTTP Response headers - CVE-2020-14183 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.12.1, 8.13.0, 7.13.18, 8.5.9, 8.14.0
Affects Version/s: 6.4.1
Component/s: None
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
6.04
CVSS Score:
4.3
Support reference count:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

Affected versions:

version < 7.13.18
8.0.0 ≤ version < 8.5.9
8.6.0 ≤ version < 8.12.1

Fixed versions:

7.13.18
8.5.9
8.12.1
8.13.0
8.14.0

Security Metrics Bot made changes - 28/Oct/2020 5:45 PM

Labels

Original: CVE-2020-14183 advisory advisory-released cvss-medium security security-imported

New: CVE-2020-14183 advisory advisory-released cvss-medium impossible-to-resolve-in-vf security security-imported

David Black made changes - 14/Oct/2020 12:18 AM

Labels

Original: CVE-2020-14183 advisory cvss-medium security security-imported

New: CVE-2020-14183 advisory advisory-released cvss-medium security security-imported

AB made changes - 12/Oct/2020 3:20 AM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

Ignat (Inactive) made changes - 08/Oct/2020 6:58 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Waiting for Release [ 12075 ]	New: Closed [ 6 ]

Bugfix Automation Bot made changes - 08/Oct/2020 6:00 AM

Support reference count

New: 1

AB made changes - 06/Oct/2020 10:19 PM

Labels

Original: advisory cve-in-progress cvss-medium security security-imported

New: CVE-2020-14183 advisory cvss-medium security security-imported

AB made changes - 06/Oct/2020 10:19 PM

Summary

Original: SEN disclosure via HTTP Response headers - CVE-PENDING

New: SEN disclosure via HTTP Response headers - CVE-2020-14183

AB made changes - 05/Oct/2020 11:08 PM

Labels

Original: cve-in-progress cvss-medium security security-imported

New: advisory cve-in-progress cvss-medium security security-imported

AB made changes - 05/Oct/2020 8:39 PM

Description

Original: Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via the HTTP Response headers.

*Affected versions:*
* version < 7.13.18
* 8.0.0 ≤ version < 8.5.9
* 8.6.0 ≤ version < 8.12.1

*Fixed versions:*
* 7.13.18
* 8.5.9
* 8.12.1
* 8.13.0
* 8.14.0

New: Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

*Affected versions:*
* version < 7.13.18
* 8.0.0 ≤ version < 8.5.9
* 8.6.0 ≤ version < 8.12.1

*Fixed versions:*
* 7.13.18
* 8.5.9
* 8.12.1
* 8.13.0
* 8.14.0

AB made changes - 05/Oct/2020 8:36 PM

Summary

Original: SEN disclosure via HTTP Response headers

New: SEN disclosure via HTTP Response headers - CVE-PENDING

Assignee:: Jerzy Jedrzejaszek (Inactive)

Reporter:: Michael Andreacchio

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 05/Oct/2020 8:20 PM

Updated:: 08/Mar/2021 3:34 PM

Resolved:: 08/Oct/2020 6:58 AM

Details

Description

Attachments

Forms

Activity

[JRASERVER-71646] SEN disclosure via HTTP Response headers - CVE-2020-14183

People

Dates