CVE-2019-20412
First published: Mon Jun 29 2020(Updated: )
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <7.13.9 | |
| Atlassian Jira Data Center | >=8.0.0<8.4.2 | |
| Atlassian Jira Server | >=8.0.0<8.4.2 | |
| Atlassian Jira Software Data Center | <7.13.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-20412.
What is the severity of CVE-2019-20412?
The severity of CVE-2019-20412 is medium with a CVSS score of 5.3.
What is the affected software?
The affected software includes Atlassian Jira Server, Atlassian Jira Data Center, and Atlassian Jira Software Data Center.
What information can remote attackers enumerate through this vulnerability?
Remote attackers can enumerate Workflow names, Project Key (if it is part of the Workflow name), Issue Keys, Issue Types, and Status through this vulnerability.
Is there a fix available for CVE-2019-20412?
Yes, a fix is available for CVE-2019-20412. Please refer to the reference link for more information.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.0.0
- canonical/atlassian jira server
- version/atlassian jira server/8.0.0
- canonical/atlassian jira software data center