Description

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Remediation

References

CVE-2019-20412

Related Vulnerabilities

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9599)

MySQL CVE-2018-2817 Vulnerability (CVE-2018-2817)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

Severity

Medium

Classification

CVE-2019-20412 CWE-287

Tags

Missing Update Known Vulnerabilities