CVE-2020-4024

Summary

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Server and Data Centerunspecified < 8.5.5affected
AtlassianJira Server and Data Center8.6.0 < unspecifiedaffected
AtlassianJira Server and Data Centerunspecified < 8.8.2affected
AtlassianJira Server and Data Center8.9.0 < unspecifiedaffected
AtlassianJira Server and Data Centerunspecified < 8.9.1affected

Weaknesses

  • Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References