CVE-2019-20403
MEDIUMAtlassian Jira Server and Data Center 7.13.0-8.5.4 - Information Disclosure via Project Key API
Title source: llmDescription
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-70565
Scores
CVSS v3
5.3
EPSS
0.0044
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
atlassian/jira_data_center
7.13.0 - 8.5.5
atlassian/jira_server
7.13.0 - 8.5.5
Published
Feb 06, 2020
Tracked Since
Feb 18, 2026