CVE-2019-20404

MEDIUM

Atlassian Jira Server/Data Center <8.6.0 - Info Disclosure

Title source: llm

Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory x_refsource_misc

https://jira.atlassian.com/browse/JRASERVER-70569

Scores

CVSS v3 4.3

EPSS 0.0105

EPSS Percentile 77.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (2)

atlassian/jira_data_center 8.2.4 - 8.6.0

atlassian/jira_server 8.2.4 - 8.6.0

Published Feb 06, 2020

Tracked Since Feb 18, 2026