Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

Remediation

References

CVE-2019-20404

Related Vulnerabilities

MySQL CVE-2022-21329 Vulnerability (CVE-2022-21329)

WordPress Plugin WP Activity Log Cross-Site Scripting (2.4.3)

WordPress Plugin My Tickets Cross-Site Scripting (1.5.0)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10353)

WordPress Plugin CM Tooltip Glossary-Better SEO and UEX for your WP site Cross-Site Scripting (3.9.20)

Severity

Medium

Classification

CVE-2019-20404 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities