CVE-2020-4028

Summary

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Server and Data Centerunspecified < 8.9.1affected

Weaknesses

  • Sensitive Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References