vulnerability

Atlassian JIRA: Information Exposure (CVE-2019-14997)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Sep 11, 2019	Oct 11, 2019	Oct 11, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Sep 11, 2019

Added

Oct 11, 2019

Modified

Oct 11, 2019

Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Solution

atlassian-jira-upgrade-8_4_0

References

CVE-2019-14997
https://attackerkb.com/topics/CVE-2019-14997

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today