Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

Remediation

References

CVE-2019-20404

Related Vulnerabilities

MySQL CVE-2016-5440 Vulnerability (CVE-2016-5440)

WordPress Plugin Directories Pro Cross-Site Scripting (1.3.45)

MySQL CVE-2020-2588 Vulnerability (CVE-2020-2588)

WordPress Plugin Yasr-Yet Another Stars Rating SQL Injection (0.9.0)

WordPress Plugin Yoast SEO Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2019-20404 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities