Lucene search
Security-metrics-botATLASSIAN:JRASERVER-70942HistoryApr 22, 2020 - 1:47 a.m.
Information disclosure in System Administration - Global Permissions - CVE-2019-20898
2020-04-2201:47:29
security-metrics-bot
jira.atlassian.com
86
0.013 Low
EPSS
Percentile
86.2%
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.
Affected versions:
- version < 8.8.0
Fixed versions:
- 8.8.0
Workaround for Jira 8.5.x:
- version >= 8.5.12: Enable [feature flag|https://confluence.atlassian.com/jirakb/enable-dark-feature-in-jira-959286331.html]
{{jira.restrict.anonymous.access.to.mypermissions.rest.api.enabled}} - version < 8.5.12: Not available
| CPE | Name | Operator | Version |
|---|---|---|---|
| jira server and data center | le | 7.13.11 | |
| jira server and data center | lt | 8.8.0 |
Related
prion
prion
Design/Logic Flaw
2020-07-13 01:15:00
nvd
nvd
CVE-2019-20898
2020-07-13 01:15:13
cve
cve
CVE-2019-20898
2020-07-13 01:15:13
atlassian
atlassian
cvelist
cvelist
CVE-2019-20898
2020-04-22 00:00:00