Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.

Remediation

References

CVE-2020-29451

Related Vulnerabilities

WordPress Plugin Store Locator Plus for WordPress Privilege Escalation (5.5.14)

JBoss Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3606)

Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)

Oracle Application Server Other Vulnerability (CVE-2001-1372)

Severity

Medium

Classification

CVE-2020-29451

Tags

Missing Update Known Vulnerabilities