CVE-2020-4029

MEDIUM

Atlassian Jira Server/Data Center <8.5.5, <8.6.0-8.7.2, <8.8.0-8.8....

Title source: llm

Description

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://jira.atlassian.com/browse/JRASERVER-70926

Scores

CVSS v3 4.3

EPSS 0.0023

EPSS Percentile 45.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (4)

atlassian/jira < 8.5.5

atlassian/jira_data_center 8.6.0 - 8.7.2

atlassian/jira_server 8.6.0 - 8.7.2

atlassian/jira_software_data_center < 8.5.5

Published Jul 01, 2020

Tracked Since Feb 18, 2026