CVE-2020-14179

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.5.8 Atlassian Jira Server and Data Center versions 8.6.0 through 8.11.0

Description The issue is related to an information disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint, allowing remote, unauthenticated attackers to view custom field names and custom SLA names.

Recommendations For versions prior to 8.5.8, update to version 8.5.8 or later. For versions 8.6.0 through 8.11.0, update to version 8.11.1 or later. As a temporary workaround, consider restricting access to the /secure/QueryComponent!Default.jspa endpoint until a patch is available.