Jira QueryComponent Information Disclosure (CVE-2020-14179) - Vulnerability Database

Jira QueryComponent Information Disclosure (CVE-2020-14179)

Description

Due to an information disclosure vulnerability, Jira's QueryComponent!Default.jspa endpoint allows unauthenticated attackers to view custom field names and custom SLA names

Remediation

Consult "Web references" for more information about solutions.

References

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

Related Vulnerabilities

Severity

Medium

Classification

CVE-2020-14179

CWE-288

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N