[JRASERVER-71696] Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185 - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.13.0, 7.13.18, 8.5.9, 8.14.0
Affects Version/s: 8.5.0, 8.6.0, 7.13.17
Component/s: None
Labels:

CVSS Score:
3.7
CVSS Severity:
Low
CVE ID:
CVE-2020-14185

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource.

The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

Affected versions:

version < 7.13.18
8.0.0 ≤ version < 7.13.18
8.6.0 ≤ version < 8.12.2

Fixed versions:

7.13.18
8.5.9
8.12.2

relates to

JRASERVER-72010 Unauthenticated information leakage of temporary files and project keys - CVE-2021-26069

Published

JSEC-130 You do not have permission to view this issue

Security Metrics Bot made changes - 16/Sep/2021 5:28 AM

CVE ID

New: CVE-2020-14185

David Black made changes - 30/Mar/2021 10:04 PM

Link

New: This issue relates to ~~JRASERVER-72010~~ [ ~~JRASERVER-72010~~ ]

Pawel Przytarski made changes - 20/Nov/2020 9:24 AM

Fix Version/s

New: 8.13.0 [ 92100 ]

David Black made changes - 19/Nov/2020 11:47 PM

Remote Link

New: This issue links to "JSEC-130 (JIRA Server (Bulldog))" [ 516362 ]

David Black made changes - 19/Nov/2020 4:39 AM

Labels

Original: CVE-2020-14185 advisory advisory-to-release basm cvss-low dont-import security

New: CVE-2020-14185 advisory advisory-released basm cvss-low dont-import security

David Black made changes - 15/Oct/2020 11:07 PM

Security

Original: Atlassian Staff [ 10750 ]

set-jac-bot made changes - 15/Oct/2020 10:09 AM

Fixed in Long Term Support Release/s

New: [Download 7.13, 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

David Black made changes - 15/Oct/2020 4:47 AM

Labels

Original: advisory advisory-to-release basm cvss-low dont-import security

New: CVE-2020-14185 advisory advisory-to-release basm cvss-low dont-import security

David Black made changes - 15/Oct/2020 4:47 AM

Summary

Original: Unauthenticated user can Enumerate Issue Keys - CVE-2020-XXXX [CVE pending]

New: Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185

AB made changes - 15/Oct/2020 4:30 AM

Summary

Original: Unauthenticated user can Enumerate Issue Keys - CVE-2020-XXXX

New: Unauthenticated user can Enumerate Issue Keys - CVE-2020-XXXX [CVE pending]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 14/Oct/2020 3:41 AM

Updated:: 16/Sep/2021 5:28 AM

Resolved:: 14/Oct/2020 5:45 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[JRASERVER-71696] Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185

People

Dates