Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2020-4028

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.

  • Published: Jun 23, 2020
  • Updated: Nov 16, 2025
  • CVE: CVE-2020-4028
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
atlassian / jira - 8.9.1
atlassian / jira_software_data_center - 8.9.1