Description

Due to an information disclosure vulnerability, Jira's QueryComponent!Default.jspa endpoint allows unauthenticated attackers to view custom field names and custom SLA names

Remediation

Consult "Web references" for more information about solutions.

References

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4642)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20281)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2162)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5504)

Oracle JRE CVE-2013-2448 Vulnerability (CVE-2013-2448)

Severity

Medium

Classification

CVE-2020-14179 CWE-288 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities