Vulnerability Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 7.13.16 |
| Atlassian | Jira Data Center | >= 8.0.0, < 8.5.7 |
| Atlassian | Jira Server | >= 8.0.0, < 8.5.7 |
| Atlassian | Jira Software Data Center | < 7.13.16 |
Related Weaknesses (CWE)
References
- https://jira.atlassian.com/browse/JRASERVER-71275Issue TrackingVendor Advisory
- https://jira.atlassian.com/browse/JRASERVER-71275Issue TrackingVendor Advisory
FAQ
What is CVE-2020-14174?
CVE-2020-14174 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administratio...
How severe is CVE-2020-14174?
CVE-2020-14174 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14174?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira, Atlassian Jira Data Center, Atlassian Jira Server, Atlassian Jira Software Data Center.