Description

Due to an information disclosure vulnerability, Jira's QueryComponent!Default.jspa endpoint allows unauthenticated attackers to view custom field names and custom SLA names

Remediation

Consult "Web references" for more information about solutions.

References

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

Related Vulnerabilities

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7561)

Jboss EAP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5188)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10353)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)

Severity

Medium

Classification

CVE-2020-14179 CWE-288 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities