CVE-2020-14185
N/A
N/A
Summary
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Jira Server | unspecified < 7.13.18 | affected |
| Atlassian | Jira Server | 8.0.0 < unspecified | affected |
| Atlassian | Jira Server | 8.6.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 8.12.2 | affected |
Weaknesses
- Broken Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.