CVE-2019-20407

MEDIUM

Jira Software 8.4.1-8.5.3 Authenticated Information Disclosure

Title source: llm
STIX 2.1

Description

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

References (1)

Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-70599

Scores

CVSS v3 4.3
EPSS 0.0027
EPSS Percentile 50.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-862
Status published
Products (2)
atlassian/jira_data_center 8.4.1 - 8.5.3
atlassian/jira_server 8.4.1 - 8.5.3
Published Mar 17, 2020
Tracked Since Feb 18, 2026