CVE-2019-14997

MEDIUM

Jira Server 7.13.0-8.3.9 - Unauthenticated Information Exposure via AccessLogFilter Caching

Title source: llm

Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching, or a CDN.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-69794

Scores

CVSS v3 4.3
EPSS 0.0020
EPSS Percentile 42.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE CWE-524
Status published
Products (1)
atlassian/jira_server 7.13.0 - 8.4.0
Published Sep 11, 2019
Tracked Since Feb 18, 2026