CVE-2020-14179

MEDIUM NUCLEI

Atlassian Jira Server/Data Center <8.5.8, 8.6.0-8.11.1 - Unauthenticated Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-14179. PoCs published by c0brabaghdad1, mrnazu. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Perl script that scans for the presence of CVE-2020-14179, a vulnerability in Atlassian Jira. The script checks if the vulnerable endpoint '/secure/QueryComponent!Default.jspa' is accessible and returns a 200 status code.

Description

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Exploits (2)

nomisec SCANNER 8 stars
by c0brabaghdad1 · poc
https://github.com/c0brabaghdad1/CVE-2020-14179

This repository contains a Perl script that scans for the presence of CVE-2020-14179, a vulnerability in Atlassian Jira. The script checks if the vulnerable endpoint '/secure/QueryComponent!Default.jspa' is accessible and returns a 200 status code.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Atlassian Jira
No auth needed
Prerequisites: Network access to the target Jira instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 4 stars
by mrnazu · poc
https://github.com/mrnazu/CVE-2020-14179

This repository contains a bash script that scans for CVE-2020-14179, an information disclosure vulnerability in Atlassian Jira Server and Data Center. The script sends a request to the `/secure/QueryComponent!Default.jspa` endpoint and checks the response for indicators of vulnerability.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Atlassian Jira Server and Data Center (versions 8.6.0, 8.8.0, 8.5.5, 8.9.0, 8.10.0, 8.11.0, and possibly others)
No auth needed
Prerequisites: Access to the target Jira instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
MEDIUMby x1m_martijn
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

References (1)

Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-71536

Scores

CVSS v3 5.3
EPSS 0.7604
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (2)
atlassian/jira_data_center < 8.5.8
atlassian/jira_server < 8.5.8
Published Sep 21, 2020
Tracked Since Feb 18, 2026