Description

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

Remediation

References

CVE-2019-20404

Related Vulnerabilities

Jboss EAP Incorrect Authorization Vulnerability (CVE-2019-14843)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots SQL Injection (6.59)

WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Scripting (0.7.12)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (2.3.7)

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

Severity

Medium

Classification

CVE-2019-20404 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities