CVE-2019-20899

MEDIUM

Atlassian Jira Server/Data Center <8.5.4 & <8.6.1-8.6.0 - DoS

Title source: llm

Description

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://jira.atlassian.com/browse/JRASERVER-70808

Scores

CVSS v3 5.3

EPSS 0.0048

EPSS Percentile 65.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Status published

Products (4)

atlassian/jira < 8.5.4

atlassian/jira_data_center 8.5.5 - 8.6.1

atlassian/jira_server 8.5.5 - 8.6.1

atlassian/jira_software_data_center < 8.5.4

Published Jul 13, 2020

Tracked Since Feb 18, 2026