CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.004 Low
Percentile: 68.5%
Research conducted on ████████ indicates that the Atlassian Jira Server and Data Center instance allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint (CVE-2020-14179).
The domain ████████ is interpreted as in-scope of the DoD VDP, based on the following findings:
The acronym "████: <https://www.█████████>.
The link to █████████ is included in the navigation menu displayed by a Confluence instance that belongs to the █████ “████████”:
███
[ Note ] If this interpretation is incorrect, I would very much appreciate an opportunity to self-close the report.
Test traffic included (when possible) the following markers:
X-Bug-Bounty: ID-aebf31c2dfb9205493c5d0ff65d59480305bdb96a85ace0c41f86c45c80a977b
Chromium v. 92.0.4515.131
Burp Suite Community Edition Build 9276
HackerOne report #1061204
HackerOne report #988550
HackerOne report #1003980
HackerOne report #1050454
A remote, unauthenticated and unauthorised attacker can access custom field names and custom SLA names.
The attacker can make a JQL query using the custom SLA fields disclosed by the endpoint.
████████
Atlassian Jira Server and Data Center
CVE-2020-14179
In a browser, visit <https://█████/secure/QueryComponent!Default.jspa>
████████
Update the Jira instance to a version that is not vulnerable to CVE-2020-14179.
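A log check for the exposure described in this report, added here as an example and not part of the original report: it scans reverse-proxy access logs for requests to /secure/QueryComponent!Default.jspa that carry no authenticated user, so an operator can see whether the endpoint was reached anonymously and what status it returned. The Combined Log Format, the meaning of "-" in the user field, the function name and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the report. Matched after URL-decoding, case-insensitively,
# and allowing a context path such as /jira in front of /secure/.
ENDPOINT = re.compile(r"(?:^|/)secure/querycomponent!default\.jspa$", re.I)

# Combined Log Format as written by a reverse proxy (assumed log format).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_unauthenticated_hits(lines):
    """Return (ip, timestamp, status) for anonymous requests to the endpoint."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format
        # Drop the query string, decode %21 to "!", strip ;jsessionid parameters.
        path = unquote(urlsplit(m["target"]).path).split(";", 1)[0]
        if not ENDPOINT.search(path):
            continue
        if m["user"] != "-":
            continue  # assumption: "-" means no authenticated user
        hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '192.0.2.10 - - [10/Aug/2021:09:14:02 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 18342',
    '192.0.2.10 - - [10/Aug/2021:09:14:05 +0000] "GET /jira/secure/QueryComponent%21Default.jspa?x=1 HTTP/1.1" 200 18342',
    '198.51.100.7 - alice [10/Aug/2021:09:15:00 +0000] "POST /secure/QueryComponent!Default.jspa HTTP/1.1" 200 18001',
    '198.51.100.9 - - [10/Aug/2021:09:16:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120',
    '203.0.113.4 - - [10/Aug/2021:09:17:00 +0000] "GET /secure/querycomponent!default.jspa HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, ts, status in find_unauthenticated_hits(SAMPLE):
        # A 200 means the field list was served; other codes suggest it was not.
        print(f"{ts} {ip} status={status}")
```

A 200 response to an anonymous request is the case the report describes; a redirect or error status on the same path indicates the request did not receive the field list.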