Main Vulnerability Database Vulnerabilities #VU34156

#VU34156 Information disclosure in Jira Software - CVE-2019-20898

Published: July 13, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34156

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20898

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Jira Software

Software vendor:
Atlassian

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.

Remediation

Install update from vendor's website.

External links

https://jira.atlassian.com/browse/JRASERVER-70942