Description

Due to an information disclosure vulnerability, Jira's QueryComponent!Default.jspa endpoint allows unauthenticated attackers to view custom field names and custom SLA names

Remediation

Consult "Web references" for more information about solutions.

References

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

Related Vulnerabilities

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1177)

Oracle Database Server CVE-2009-1991 Vulnerability (CVE-2009-1991)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3591)

XWikiplatform Other Vulnerability (CVE-2024-46979)

Severity

Medium

Classification

CVE-2020-14179 CWE-288 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities