Vulnerabilities > CVE-2020-14185 - Missing Authorization vulnerability in Atlassian Jira

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
atlassian
CWE-862
NVD
Published: 2020-10-15
Updated: 2022-03-25

Summary

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

Vulnerable Configurations

Part Description Count
Application
Atlassian
551

Common Weakness Enumeration (CWE)

References