Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.

Remediation

References

CVE-2020-29451

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5098)

WordPress Plugin NextGEN Gallery-WordPress Gallery Security Bypass (3.1.6)

WordPress Plugin Responsive Filterable Portfolio Unspecified Vulnerability (1.0.8)

Joomla! Core 3.6.0 Cross-Site Request Forgery (3.6.0)

WordPress Plugin Events Shortcodes For The Events Calendar Unspecified Vulnerability (1.7.2)

Severity

Medium

Classification

CVE-2020-29451

Tags

Missing Update Known Vulnerabilities