Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneLu3ky-13H1:1153817
HistoryApr 06, 2021 - 10:55 p.m.

U.S. Dept Of Defense: Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179

2021-04-0622:55:10
lu3ky-13
hackerone.com
49

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

68.5%

JSON

Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.

Impact

https://jira.atlassian.com/browse/JRASERVER-71536
https://hackerone.com/reports/1003980

System Host(s)

████

Affected Product(s) and Version(s)

CVE Numbers

CVE-2020-14179

Steps to Reproduce

Step-by-step Reproduction Instructions

URL:https://██████/jira//secure/QueryComponent!Default.jspa

Suggested Mitigation/Remediation Actions

Related

nessus 1
hackerone 10
cve 1
prion 1
nuclei 1
atlassian 4
githubexploit 1
thn 1
nessus
nessus
Atlassian Jira < 8.5.8 / 8.6.0 < 8.11.1 Sensitive Data Exposure (JRASERVER-71536)
2020-09-24 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179
2020-09-22 19:07:15
Endless Group: CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure
2020-10-09 20:40:23
U.S. Dept Of Defense: [███████] Information disclosure due unauthenticated access to APIs and system browser functions
2023-08-24 22:14:14
cve
cve
CVE-2020-14179
2020-09-21 01:15:00
prion
prion
Information disclosure
2020-09-21 01:15:00
nuclei
nuclei
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
2020-09-22 15:44:12
atlassian
atlassian
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
2021-11-29 15:22:30
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
2021-11-29 15:22:30
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
2020-09-10 04:31:31
githubexploit
githubexploit
Exploit for Vulnerability in Atlassian Jira Server
2021-01-08 14:15:24
thn
thn
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
2021-08-23 13:27:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

68.5%

JSON
Related for H1:1153817
nessus1hackerone10cve1prion1nuclei1atlassian4githubexploit1thn1