CVE-2020-14185

Summary

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 7.13.18affected
AtlassianJira Server8.0.0 < unspecifiedaffected
AtlassianJira Server8.6.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.12.2affected

Weaknesses

  • Broken Authentication

ADP Enrichment

CVE Program Container

Additional References

References