CVE-2020-14168

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.

Published: Jul 1, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-14168
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.13.14
atlassian / jira_software_data_center	-	7.13.14
atlassian / jira_server	8.5.0	8.5.5
atlassian / jira_server	8.8.0	8.8.2
atlassian / jira_server	8.9.0	8.9.1
atlassian / jira_data_center	8.5.0	8.5.5
atlassian / jira_data_center	8.8.0	8.8.2
atlassian / jira_data_center	8.9.0	8.9.1

https://jira.atlassian.com/browse/JRASERVER-71198

Vulnerability Database

289,784

CVE-2020-14168