CVE-2020-14179

MEDIUM NUCLEI

Atlassian Jira Data Center < 8.5.8 - Information Disclosure

Title source: rule

Description

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.

Exploits (2)

nomisec SCANNER 8 stars

by c0brabaghdad1 · poc

https://github.com/c0brabaghdad1/CVE-2020-14179

View Code ZIP pw:eip

nomisec SCANNER 4 stars

by mrnazu · poc

https://github.com/mrnazu/CVE-2020-14179

View Code ZIP pw:eip

Nuclei Templates (1)

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure

MEDIUMby x1m_martijn

Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

References (1)

[Issue Tracking, Vendor Advisory] https://jira.atlassian.com/browse/JRASERVER-71536

Scores

CVSS v3 5.3

EPSS 0.9258

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (2)

atlassian/jira_data_center < 8.5.8

atlassian/jira_server < 8.5.8

Published Sep 21, 2020

Tracked Since Feb 18, 2026