Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

Remediation

References

CVE-2019-20403

Related Vulnerabilities

MySQL CVE-2014-6507 Vulnerability (CVE-2014-6507)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20036)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8793)

WordPress Plugin Ultimate TinyMCE Multiple Unspecified Vulnerabilities (5.0)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0782)

Severity

Medium

Classification

CVE-2019-20403 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities