First published: Fri Jul 03 2020(Updated: )
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian JIRA | <8.5.4 | |
Atlassian Jira Data Center | >=8.6.0<8.6.2 | |
Atlassian Jira Data Center | >=8.7.0<8.7.1 | |
Atlassian Jira Server | >=8.6.0<8.6.2 | |
Atlassian Jira Server | >=8.7.0<8.7.1 | |
Atlassian Jira Software Data Center | <8.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-14173 is a cross-site scripting (XSS) vulnerability in Atlassian Jira Server and Data Center that allows remote attackers to inject arbitrary HTML or JavaScript via the file upload feature.
The severity of CVE-2020-14173 is medium with a severity score of 5.4.
The affected versions of Atlassian Jira Server and Data Center are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
A remote attacker can exploit the CVE-2020-14173 vulnerability by injecting arbitrary HTML or JavaScript through the file upload feature in Atlassian Jira Server and Data Center.
Yes, you can fix the CVE-2020-14173 vulnerability by upgrading Atlassian Jira Server and Data Center to version 8.5.4 or later, version 8.6.2 or later, or version 8.7.1 or later.