CVE-2020-14181

MEDIUM NUCLEI

Atlassian Data Center < 7.13.6 - Information Disclosure

Title source: rule

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

Exploits (5)

exploitdb WORKING POC

by Dolev Farhi · pythonwebappsmultiple

https://www.exploit-db.com/exploits/49633

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by Rival420 · poc

https://github.com/Rival420/CVE-2020-14181

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by bk-rao · poc

https://github.com/bk-rao/CVE-2020-14181

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by und3sc0n0c1d0 · poc

https://github.com/und3sc0n0c1d0/UserEnumJira

View Code ZIP pw:eip

metasploit SCANNER

by Brian Halbach, Mikhail Klyuchnikov · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jira_user_enum.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Jira Server and Data Center - Information Disclosure

MEDIUMby bjhulst

Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html

[Issue Tracking, Vendor Advisory] https://jira.atlassian.com/browse/JRASERVER-71560

Scores

CVSS v3 5.3

EPSS 0.9295

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (3)

atlassian/data_center < 7.13.6

atlassian/jira < 7.13.6

atlassian/jira_server 8.0.0 - 8.5.7

Published Sep 17, 2020

Tracked Since Feb 18, 2026