CVSS3: 5.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
* Attack Vector: NETWORK
* Attack Complexity: LOW
* Privileges Required: NONE
* User Interaction: NONE
* Scope: UNCHANGED
* Confidentiality Impact: LOW
* Integrity Impact: NONE
* Availability Impact: NONE

AI Score: 5.4 Medium (Confidence: High)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
* Access Vector: NETWORK
* Access Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: PARTIAL
* Integrity Impact: NONE
* Availability Impact: NONE

EPSS: 0.963 High (Percentile: 99.5%)

h3. Summary
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
h3. Affected versions:
h4. Fixed versions:
h3. Note on fix
We’ve been unable to fully fix this issue due to a short SLA and possible performance problems that a fix could introduce. Please check the workaround section for mitigation steps.
h3. Workaround - Fix Versions
To work around this bug on Jira versions listed in “fixed in versions” above, one of the two techniques can be used:
h3. Workaround - Non-fix versions
If you are running a Jira version below the “fixed in versions” above and the instance should not be open to unauthenticated users, you can block anonymous access to the affected endpoint by using the URL rewrite system.
First, add the public.access.disabled [dark feature|https://confluence.atlassian.com/jirakb/how-to-control-anonymous-user-access-in-a-public-jira-instance-975031479.html] as above. This blocks access to the Jira issue navigator when unauthenticated.
Then, on each node, block the QueryComponent endpoints:
{code:xml}
<rule>
    <from>(?s)/QueryComponent!.*.jspa</from>
    <!-- Applies only when the session holds no authenticated Seraph user -->
    <condition type="session-attribute" name="seraph_defaultauthenticator_user" operator="notequal">.+</condition>
    <set type="status">403</set>
    <to>null</to>
</rule>
{code}
(i) If for whatever reason you have scripted basic authentication calls to these endpoints (e.g., Python/curl requests), they will all be blocked, authenticated or not.
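
To confirm the block is effective, the access log can be checked for anonymous requests to the QueryComponent endpoints that were still served. The following is an added example, not part of the original advisory or Atlassian's code; the log field order, the "-" marker for anonymous users and the sample lines are constructed assumptions to adapt to your own access log format.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic). Assumed field order:
# client_ip request_id username [timestamp] "request line" status bytes
SAMPLE_LOG = """\
203.0.113.7 601x11x1 - [12/Oct/2020:10:01:02 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 18342
203.0.113.7 601x12x1 - [12/Oct/2020:10:01:03 +0000] "GET /secure/QueryComponent!Default.jspa?x=1 HTTP/1.1" 403 0
198.51.100.4 602x13x1 alice [12/Oct/2020:10:02:00 +0000] "POST /secure/QueryComponent!Default.jspa HTTP/1.1" 200 20111
192.0.2.9 603x14x1 - [12/Oct/2020:10:03:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120
192.0.2.9 604x15x1 - [12/Oct/2020:10:04:00 +0000] "GET /jira/secure/QueryComponent!Default.jspa HTTP/1.1" 200 18290
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<rid>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Same path pattern as the <from> element of the rewrite rule above.
ENDPOINT_RE = re.compile(r'(?s)/QueryComponent!.*.jspa')


def anonymous_hits(log_text):
    """Return parsed anonymous requests to QueryComponent endpoints."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        path = m["target"].split("?", 1)[0]
        if m["user"] == "-" and ENDPOINT_RE.search(path):
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": path,
                         "status": int(m["status"])})
    return hits


def exposed(hits):
    """Anonymous requests answered with anything but 403: block missing or bypassed."""
    return [h for h in hits if h["status"] != 403]


def summarize(hits):
    """Count served anonymous requests per client IP."""
    return Counter(h["ip"] for h in exposed(hits))


if __name__ == "__main__":
    for h in exposed(anonymous_hits(SAMPLE_LOG)):
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["path"]}')
```

After the rule is deployed on every node, `exposed()` should return nothing for new log entries; any remaining result points to a node where the rule is missing.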