Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Remediation

References

CVE-2020-14165

Related Vulnerabilities

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.34)

WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.50)

WebLogic Improper Certificate Validation Vulnerability (CVE-2020-9488)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14164)

Severity

Medium

Classification

CVE-2020-14165

Tags

Missing Update Known Vulnerabilities