DoS through Jira Gadget API - CVE-2019-20899

2020-03-2301:50:27

security-metrics-bot

jira.atlassian.com

0.002 Low

EPSS

Percentile

59.0%

JSON

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API.

Affected versions:

version < 8.5.4
8.6.0

Fixed versions:

This is fixed in versions 8.5.4, 8.6.1 and 8.7.0.

CPENameOperatorVersion
jira server and data centerle7.13.0
jira server and data centerle7.6.15
jira server and data centerlt8.7.0
jira server and data centerle8.5.3
jira server and data centerlt8.5.4
jira server and data centerlt8.6.1
jira server and data centerle7.6.0
jira server and data centerle7.13.12
jira server and data centerle8.5.0

Name	Operator	Version
jira server and data center	le	7.13.0
jira server and data center	le	7.6.15
jira server and data center	lt	8.7.0
jira server and data center	le	8.5.3
jira server and data center	lt	8.5.4
jira server and data center	lt	8.6.1
jira server and data center	le	7.6.0
jira server and data center	le	7.13.12
jira server and data center	le	8.5.0

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for ATLASSIAN:JRASERVER-70808