Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianSecurity-metrics-botATLASSIAN:JRASERVER-71175
HistoryJun 12, 2020 - 8:05 p.m.

Information disclosure in Login - CVE-2020-4028

2020-06-1220:05:39
security-metrics-bot
jira.atlassian.com
54

0.001 Low

EPSS

Percentile

47.4%

JSON

Users without session information should be pushed to the login page.
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Login.

Affected versions:

  • version < 8.9.1

Fixed versions:

  • 8.9.1
  • 8.10.0
  • 8.11.0

Notes:

If the fix is causing problems it can be disabled by [adding to Jira a dark feature flag|https://confluence.atlassian.com/jirakb/enable-dark-feature-in-jira-959286331.html]
{code:java}
jira.redirect.anonymous.404.errors.disabled
{code}
The fix is available in LTS versions - 7.13.15+ and 8.5.6+ but will be disabled. The fix can be enabled by [adding to Jira a dark feature flag|https://confluence.atlassian.com/jirakb/enable-dark-feature-in-jira-959286331.html]
{code:java}
jira.redirect.anonymous.404.errors.enabled{code}
Both feature flags can be [added by admin via site &lt;jira_directory&gt;/secure/SiteDarkFeatures!default.jspa|https://confluence.atlassian.com/jirakb/enable-dark-feature-in-jira-959286331.html]

Related

cve 1
atlassian 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2020-4028
2020-06-23 13:15:17
atlassian
atlassian
Information disclosure in Login - CVE-2020-4028
2020-06-12 20:05:39
nvd
nvd
CVE-2020-4028
2020-06-23 13:15:17
prion
prion
Information disclosure
2020-06-23 13:15:00
cvelist
cvelist
CVE-2020-4028
2020-06-17 00:00:00

0.001 Low

EPSS

Percentile

47.4%

JSON
Related for ATLASSIAN:JRASERVER-71175
cve1atlassian1nvd1prion1cvelist1