Description

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

Remediation

References

CVE-2020-14165

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2019-2426)

Oracle Database Server CVE-2009-1993 Vulnerability (CVE-2009-1993)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13395)

WordPress Plugin Quick Restaurant Menu Multiple Vulnerabilities (2.0.2)

WordPress Plugin Advanced Custom Fields (ACF) PHP Object Injection (6.0.7)

Severity

Medium

Classification

CVE-2020-14165

Tags

Missing Update Known Vulnerabilities