CVE-2020-14192: Infoleak
First published: Tue Feb 02 2021(Updated: )
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.8.4 | |
| Atlassian FishEye | <4.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-14192?
CVE-2020-14192 is an Information Disclosure vulnerability in Atlassian Fisheye and Crucible.
What is the severity of CVE-2020-14192?
The severity of CVE-2020-14192 is medium, with a severity score of 4.3.
How does CVE-2020-14192 affect Atlassian Fisheye and Crucible?
CVE-2020-14192 allows remote attackers to view a product's SEN (Support Entitlement Number) by exploiting the information disclosure vulnerability in the x-asen response header from Atlassian Analytics.
Which versions of Atlassian Fisheye and Crucible are affected by CVE-2020-14192?
The affected versions of Atlassian Fisheye and Crucible are versions before 4.8.4.
How can I fix CVE-2020-14192?
To fix CVE-2020-14192, upgrade your Atlassian Fisheye and Crucible installations to version 4.8.4 or later.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye