CVE-2019-20404

2020-02-0400:00:00

atlassian

www.cve.org

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.5%

JSON

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

CNA Affected

[
  {
    "product": "Jira Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "8.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/JRASERVER-70569