Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

Remediation

References

CVE-2019-20404

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2011-4957)

Jetty Insufficient Session Expiration Vulnerability (CVE-2021-34428)

WordPress Plugin WP Popup Lite-Responsive popup for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

WordPress Plugin Image Metadata Cruncher Multiple Vulnerabilities (1.8)

Joomla Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-5671)

Severity

Medium

Classification

CVE-2019-20404 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities