Description

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.

Remediation

References

CVE-2020-4028

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.51)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.9)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0793)

Opencart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47444)

Severity

Medium

Classification

CVE-2020-4028 CWE-203

Tags

Missing Update Known Vulnerabilities