Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.15.0
Affects Version/s: 8.0.0, 8.5.0, 8.13.0, 8.14.0
Component/s: None
Labels:

CVSS Score:
5
CVSS Severity:
Medium
CVE ID:
CVE-2020-11022

Description

Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

The affected versions are before version 8.15.0.

Affected versions:

version < 8.15.0

Fixed versions:

8.15.0

Attachments

Issue Links

is related to

JRASERVER-67820 Security vulnerabilities exist in Javascript libraries used in Jira Server (7.11.2)

Gathering Interest

JSWSERVER-20505 Security vulnerabilities exist in Javascript libraries used in Jira Software (8.8.0)

Gathering Interest

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 24 Start watching this issue

Dates

Created:: 02/Feb/2021 9:59 AM

Updated:: 11/Aug/2022 5:53 AM

Resolved:: 04/Feb/2021 1:13 AM