CVE-2019-20416: XSS
First published: Tue Jun 30 2020(Updated: )
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.3.0 | |
| Atlassian Jira Software Data Center | <8.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-20416.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium with a CVSS score of 4.8.
Which versions of Atlassian Jira Server and Data Center are affected by this vulnerability?
The affected versions of Atlassian Jira Server and Data Center are before version 8.3.0.
What is the impact of this vulnerability?
This vulnerability allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the project configuration feature.
Is there a fix available for this vulnerability?
Yes, upgrading to version 8.3.0 or later of Atlassian Jira Server and Data Center will fix this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira software data center