hackerone Ba56adcb299ff13a87475bf H1:1050454
Dec 04, 2020 - 10:54 a.m.

U.S. Dept Of Defense: Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179

2020-12-04 10:54:49
ba56adcb299ff13a87475bf
hackerone.com

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.004 Low
Percentile: 68.5%

##Summary:

Information Disclosure vulnerability in outdated Jira.

##Description:

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.

##Step-by-step Reproduction Instructions

Visit URL: https://████████/secure/QueryComponent!Default.jspa to view exposed information in any web browser.

##Product, Version, and Configuration

The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

##Suggested Mitigation/Remediation Actions

Update affected Jira version according to vendor instructions.

##Impact

Unauthenticated attackers can view custom Jira field names and custom SLA names.
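
The affected range given under "Product, Version, and Configuration", turned into an inventory triage check for deciding which instances need the vendor update. This is an added example, not part of the original report; the host names and inventory are constructed, and pre-release qualifiers are ignored when comparing versions.

```python
import re

# Affected ranges as stated in the report: before 8.5.8, and from 8.6.0 before 8.11.1.
FIXED_8_5 = (8, 5, 8)
RANGE_START = (8, 6, 0)
FIXED_8_11 = (8, 11, 1)


def parse_version(text):
    """Return (major, minor, patch) from strings like '8.5.7' or '8.11'.

    Trailing qualifiers ('8.6.0-m01') are ignored and missing components
    count as 0. Raises ValueError when no leading version number is found."""
    match = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version_text):
    """True if the version falls in the ranges the report lists for CVE-2020-14179."""
    version = parse_version(version_text)
    return version < FIXED_8_5 or RANGE_START <= version < FIXED_8_11


def triage(inventory):
    """Split {host: version} into (affected, not_affected, unknown) host lists."""
    affected, clean, unknown = [], [], []
    for host, version_text in sorted(inventory.items()):
        try:
            (affected if is_affected(version_text) else clean).append(host)
        except ValueError:
            unknown.append(host)  # needs a manual check; do not assume patched
    return affected, clean, unknown


# Constructed sample inventory (hypothetical hosts, not from the report).
SAMPLE_INVENTORY = {
    "jira-a.example.internal": "8.5.7",
    "jira-b.example.internal": "8.5.8",
    "jira-c.example.internal": "8.6.0",
    "jira-d.example.internal": "8.11.0",
    "jira-e.example.internal": "8.11.1",
    "jira-f.example.internal": "unknown",
    "jira-g.example.internal": "7.13.0",
}

if __name__ == "__main__":
    for label, hosts in zip(("affected", "not affected", "unknown"), triage(SAMPLE_INVENTORY)):
        print(f"{label}: {', '.join(hosts)}")
```

Hosts in the unknown list have no parseable version and should be checked by hand rather than treated as patched.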
