Lucene search

[email protected]CVE-2020-14166

HistoryJul 01, 2020 - 2:15 a.m.

CVE-2020-14166

2020-07-0102:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-14166

jira

service desk

server

data center

xss

html

javascript

nvd

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.7 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.9%

JSON

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Affected configurations

NVD

Node

atlassianjira_service_deskRange<4.10.0data_center

atlassianjira_service_deskRange<4.10.0server

CPENameOperatorVersion
atlassian:jira_service_deskatlassian jira service desklt4.10.0

CPE	Name	Operator	Version
atlassian:jira_service_desk	atlassian jira service desk	lt	4.10.0

CNA Affected

[
  {
    "product": "Jira Service Desk Server and Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.10.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]