PT-2020-17842 · Atlassian · Jira

Published

2020-06-23

Updated

2020-07-08

CVE-2020-4028

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jira versions prior to 8.9.1

Description The issue allows unauthorized attackers to determine if certain resources exist or not through an information disclosure. This happens because various resources in Jira respond with a 404 instead of redirecting unauthenticated users to the login page.

Recommendations For versions prior to 8.9.1, update to version 8.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2020-4028

Affected Products

Jira

PT-2020-17842 · Atlassian · Jira

CVE-2020-4028

Weakness Enumeration

Related Identifiers

Affected Products

References · 4