Description

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.

Remediation

References

CVE-2020-4028

Related Vulnerabilities

WordPress Plugin WordPress Sentinel Multiple Vulnerabilities (1.0.0)

WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)

MySQL CVE-2014-6500 Vulnerability (CVE-2014-6500)

WordPress Plugin WP Cost Estimation & Payment Forms Builder Multiple Vulnerabilities (9.642)

Oracle Application Server Other Vulnerability (CVE-2005-3451)

Severity

Medium

Classification

CVE-2020-4028 CWE-203

Tags

Missing Update Known Vulnerabilities