Description

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

Remediation

References

CVE-2019-20899

Related Vulnerabilities

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4691)

PHP Other Vulnerability (CVE-2007-3790)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.12)

WordPress Plugin Dropdown Menu Widget Cross-Site Request Forgery (1.9.1)

Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)

Severity

Medium

Classification

CVE-2019-20899

Tags

Missing Update Known Vulnerabilities