atlassian | Mandreacchio | ATLASSIAN:JRASERVER-71646
Oct 05, 2020 - 8:20 p.m.

SEN disclosure via HTTP Response headers - CVE-2020-14183

2020-10-05 20:20:56
mandreacchio
jira.atlassian.com

CVSS3: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS2: 4 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance’s Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

Affected versions:

  • version < 7.13.18
  • 8.0.0 ≤ version < 8.5.9
  • 8.6.0 ≤ version < 8.12.1

Fixed versions:

  • 7.13.18
  • 8.5.9
  • 8.12.1
  • 8.13.0
  • 8.14.0
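
The affected ranges above are not contiguous, so a single "older than 8.12.1" test misclassifies patched long-term releases such as 8.5.10, and a plain string comparison sorts 8.5.10 before 8.5.9. The following triage helper is an added example, not Atlassian's code; the inventory hostnames and the function names are constructed for illustration.

```python
import re

# Affected ranges from the advisory: (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ((0, 0, 0), (7, 13, 18)),   # version < 7.13.18
    ((8, 0, 0), (8, 5, 9)),     # 8.0.0 <= version < 8.5.9
    ((8, 6, 0), (8, 12, 1)),    # 8.6.0 <= version < 8.12.1
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse 'major.minor[.patch]' into an integer tuple.

    Anything else (build suffixes, empty strings) raises ValueError so it is
    reviewed by hand instead of being silently classified.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if the version falls inside any affected range of the advisory."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = {
    "jira-legacy.example": "7.13.17",
    "jira-lts.example": "8.5.10",
    "jira-dc.example": "8.12.0",
    "jira-new.example": "8.13.0",
    "jira-odd.example": "8.x-custom",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:22} {SAMPLE_INVENTORY[host]:12} {status}")
```
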
