Lucene search

HistoryMar 14, 2023 - 12:00 a.m.

Atlassian Jira 8.9.x < 8.9.1 Multiple Vulnerabilities.

2023-03-1400:00:00

www.tenable.com

atlassian jira

remote attackers

outgoing emails

smtp server

man-in-the-middle

cve-2020-14168

denial of service

dashboard

gadgets

cve-2020-14167

self-reported

vulnerabilities

0.005 Low

EPSS

Percentile

75.9%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities:

A vulnerability which permits remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability (CVE-2020-14168).
A flaw which permits remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in Dashboard & Gadgets (CVE-2020-14167).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira	*	cpe:2.3:a:atlassian:jira::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14167

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14168

jira.atlassian.com/browse/JRASERVER-71197

jira.atlassian.com/browse/JRASERVER-71198

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for WEB_APPLICATION_SCANNING_113754