CVE-2019-20404
First published: Tue Feb 04 2020(Updated: )
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | >=8.2.4<8.6.0 | |
| Atlassian Data Center | >=8.6.1<8.7.0 | |
| Atlassian Server | >=8.2.4<8.6.0 | |
| Atlassian Server | >=8.6.1<8.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-20404?
CVE-2019-20404 has a medium severity rating due to its improper authorization vulnerability.
How do I fix CVE-2019-20404?
To fix CVE-2019-20404, update Atlassian Jira Server and Data Center to version 8.6.0 or later.
Who is affected by CVE-2019-20404?
CVE-2019-20404 affects users of Atlassian Jira Server and Data Center versions prior to 8.6.0.
What type of vulnerability is CVE-2019-20404?
CVE-2019-20404 is classified as an improper authorization vulnerability.
Can CVE-2019-20404 be exploited remotely?
Yes, CVE-2019-20404 can be exploited by authenticated remote attackers.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian data center
- version/atlassian data center/8.2.4
- version/atlassian data center/8.6.1
- canonical/atlassian server
- version/atlassian server/8.2.4
- version/atlassian server/8.6.1