vulnerability

Atlassian JIRA: User Enumeration via /ViewUserHover.jspa (CVE-2020-14181)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Sep 17, 2020	Sep 28, 2020	Sep 28, 2020

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 17, 2020

Added

Sep 28, 2020

Modified

Sep 28, 2020

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

Solution(s)

atlassian-jira-upgrade-7_13_6atlassian-jira-upgrade-8_12_0atlassian-jira-upgrade-8_5_7

References

CVE-2020-14181
https://attackerkb.com/topics/CVE-2020-14181

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today