Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-6917

Information disclosure in API and Integrations - CVE-2020-14180

XMLWordPrintable

      Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource.

      Affected versions:

      • version < 4.12.0

      Fixed versions:

      • 4.12.0

            [JSDSERVER-6917] Information disclosure in API and Integrations - CVE-2020-14180

            David Black made changes -
            Labels Original: CVE-2020-14180 advisory advisory-to-release bugbounty cvss-medium impossible-to-resolve-in-vf information-disclosure no-cvss-required security security-imported New: CVE-2020-14180 advisory advisory-released bugbounty cvss-medium impossible-to-resolve-in-vf information-disclosure no-cvss-required security security-imported
            Security Metrics Bot made changes -
            Labels Original: CVE-2020-14180 advisory advisory-to-release bugbounty cvss-medium information-disclosure no-cvss-required security security-imported New: CVE-2020-14180 advisory advisory-to-release bugbounty cvss-medium impossible-to-resolve-in-vf information-disclosure no-cvss-required security security-imported
            AB made changes -
            Labels Original: advisory advisory-to-release bugbounty cve-in-progress cvss-medium information-disclosure no-cvss-required security security-imported New: CVE-2020-14180 advisory advisory-to-release bugbounty cvss-medium information-disclosure no-cvss-required security security-imported
            AB made changes -
            Security Original: Atlassian Staff [ 10750 ]
            AB made changes -
            Summary Original: Information disclosure in API and Integrations - CVE-PENDING New: Information disclosure in API and Integrations - CVE-2020-14180
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the `/rest/servicedesk/1/servicedesk/67/request-type-fields/editform` endpoint.

            *Affected versions:*
             * version < 4.12.0

            *Fixed versions:*
             * 4.12.0             		New: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource.

            *Affected versions:*
             * version < 4.12.0

            *Fixed versions:*
             * 4.12.0
            AB made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-medium information-disclosure no-cvss-required security security-imported New: advisory advisory-to-release bugbounty cve-in-progress cvss-medium information-disclosure no-cvss-required security security-imported
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in API and Integrations.

            *Affected versions:*
             * version < 4.12.0

            *Fixed versions:*
             * 4.12.0             		New: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the `/rest/servicedesk/1/servicedesk/67/request-type-fields/editform` endpoint.

            *Affected versions:*
             * version < 4.12.0

            *Fixed versions:*
             * 4.12.0
            AB made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-medium information-disclosure no-cvss-required security New: advisory advisory-to-release bugbounty cvss-medium information-disclosure no-cvss-required security security-imported
            Przemyslaw Czuj made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Gathering Impact [ 12072 ] New: Closed [ 6 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: