CVE-2020-14181

MEDIUM · NUCLEI

Atlassian Jira Server/Data Center <7.13.6, 8.0.0-8.5.7 - User Enumeration via ViewUserHover.jspa

Exploitation Summary

EIP tracks 5 public exploits for CVE-2020-14181. PoCs published by Dolev Farhi, Rival420, bk-rao, including Metasploit module auxiliary/scanner/http/jira_user_enum. A Nuclei detection template is also available.

AI-analyzed exploit summary: This script exploits CVE-2020-14181, a user enumeration vulnerability in Atlassian JIRA. It checks if a server is vulnerable by testing a random username and then enumerates valid usernames from a provided file by analyzing the response from the ViewUserHover.jspa endpoint.

Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

Exploits (5)

exploitdb · WORKING POC
by Dolev Farhi · python · webapps · multiple
https://www.exploit-db.com/exploits/49633

This script exploits CVE-2020-14181, a user enumeration vulnerability in Atlassian JIRA. It checks if a server is vulnerable by testing a random username and then enumerates valid usernames from a provided file by analyzing the response from the ViewUserHover.jspa endpoint.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian JIRA versions < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.12.0
No auth needed
Prerequisites: Target JIRA server URL · List of usernames to test
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 8 stars
by Rival420 · poc
https://github.com/Rival420/CVE-2020-14181

This PoC exploits CVE-2020-14181, an information disclosure vulnerability in Atlassian Jira Server and Data Center, allowing unauthenticated user enumeration via the /ViewUserHover.jspa endpoint. The script iterates through a wordlist of usernames and checks for valid users by parsing the response.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian Jira Server and Data Center (versions < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.12.0)
No auth needed
Prerequisites: A wordlist of potential usernames · Network access to the vulnerable Jira instance
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 2 stars
by bk-rao · poc
https://github.com/bk-rao/CVE-2020-14181

This PoC exploits CVE-2020-14181, an information disclosure vulnerability in Atlassian Jira Server and Data Center. It enumerates valid usernames by sending requests to the /ViewUserHover.jspa endpoint and parsing the response for user details.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian Jira Server and Data Center (affected versions)
No auth needed
Prerequisites: Access to the target Jira instance · A wordlist of potential usernames
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 1 star
by und3sc0n0c1d0 · poc
https://github.com/und3sc0n0c1d0/UserEnumJira

The repository contains a working PoC for CVE-2020-14181, an information disclosure vulnerability in Jira. The script enumerates valid usernames by checking responses from the ViewUserHover.jspa endpoint.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian Jira
No auth needed
Prerequisites: Target URL with Jira instance · Wordlist of potential usernames
devstral-2 · analyzed Feb 16, 2026

metasploit · SCANNER
by Brian Halbach, Mikhail Klyuchnikov · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jira_user_enum.rb

This Metasploit module enumerates Jira users by exploiting an information disclosure vulnerability in the /ViewUserHover.jspa endpoint. It checks for user existence by analyzing HTTP responses and logs valid users.

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian Jira versions < 7.13.16, 8.0.0 <= version < 8.5.7, 8.6.0 <= version < 8.11.1
No auth needed
Prerequisites: Network access to the Jira instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Jira Server and Data Center - Information Disclosure
MEDIUM · by bjhulst
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

References (2)

Core References
Issue Tracking, Vendor Advisory (x_refsource_misc): https://jira.atlassian.com/browse/JRASERVER-71560
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html

Scores

CVSS v3: 5.3
EPSS: 0.9960
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (3):
atlassian/data_center < 7.13.6
atlassian/jira < 7.13.6
atlassian/jira_server 8.0.0 - 8.5.7
Published: Sep 17, 2020
Tracked since: Feb 18, 2026