Project enumeration through /browse.PROJECTKEY - CVE-2020-14178

2020-08-3121:25:15

security-metrics-bot

jira.atlassian.com

0.018 Low

EPSS

Percentile

88.1%

JSON

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint.

Affected versions:

version < 7.13.17
7.14.0 ≤ version < 8.5.8
8.6.0 ≤ version < 8.12.0

Fixed versions:

7.13.17
8.5.8
8.12.0
8.13.0

CPENameOperatorVersion
jira server and data centerlt7.13.17
jira server and data centerle7.13.9
jira server and data centerlt8.5.8
jira server and data centerle8.8.0
jira server and data centerlt8.13.0
jira server and data centerle8.8.1
jira server and data centerlt8.12.0

Name	Operator	Version
jira server and data center	lt	7.13.17
jira server and data center	le	7.13.9
jira server and data center	lt	8.5.8
jira server and data center	le	8.8.0
jira server and data center	lt	8.13.0
jira server and data center	le	8.8.1
jira server and data center	lt	8.12.0

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for ATLASSIAN:JRASERVER-71498