First published: Sun Feb 14 2021
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian JIRA | <8.13.2 | |
Atlassian Jira Server | >=8.14.0 <8.14.1 | |
Atlassian Jira Software Data Center | <8.13.2 | |
Atlassian Jira Software Data Center | >=8.14.0 <8.14.1 | |
The vulnerability ID for this vulnerability is CVE-2020-36235.
The severity of CVE-2020-36235 is medium with a severity value of 5.3.
Unauthenticated remote attackers can exploit CVE-2020-36235 to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view.
The affected versions of Atlassian Jira Server and Data Center are those before version 8.13.2, and from version 8.14.0 before 8.14.1.
To fix CVE-2020-36235, upgrade to version 8.13.2 or higher, or to version 8.14.1 or higher.