CVE-2020-14168

MEDIUM

Jira Server/Data Center <7.13.16, <8.5.7, <8.8.2, <8.9.1 - Info Dis...

Title source: llm

Description

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://jira.atlassian.com/browse/JRASERVER-71198

Scores

CVSS v3 5.9

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (4)

atlassian/jira < 7.13.14

atlassian/jira_data_center 8.5.0 - 8.5.5

atlassian/jira_server 8.5.0 - 8.5.5

atlassian/jira_software_data_center < 7.13.14

Published Jul 01, 2020

Tracked Since Feb 18, 2026