vulnerability

Atlassian JIRA: Information Exposure (CVE-2019-14997)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Sep 11, 2019
Added
Oct 11, 2019
Modified
Oct 11, 2019

Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Solution

atlassian-jira-upgrade-8_4_0
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.