CVE-2019-20410

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.

Published: Jun 29, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-20410
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.6.17
atlassian / jira_software_data_center	-	7.6.17
atlassian / jira_server	8.0.0	8.4.2
atlassian / jira_server	7.7.0	7.13.9
atlassian / jira_data_center	7.7.0	7.13.9
atlassian / jira_data_center	8.0.0	8.4.2

https://jira.atlassian.com/browse/JRASERVER-70884

Vulnerability Database

289,784

CVE-2019-20410