CVE-2020-4022: XSS
First published: Wed Jul 01 2020(Updated: )
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.5.5 | |
| Atlassian Jira Data Center | >=8.6.0<8.8.2 | |
| Atlassian Jira Data Center | >=8.9.0<8.9.1 | |
| Atlassian Jira Server | >=8.6.0<8.8.2 | |
| Atlassian Jira Server | >=8.9.0<8.9.1 | |
| Atlassian Jira Software Data Center | <8.5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4022?
CVE-2020-4022 is a Cross-Site Scripting (XSS) vulnerability in Atlassian Jira Server and Data Center.
How does CVE-2020-4022 affect Atlassian Jira?
CVE-2020-4022 allows remote attackers to inject arbitrary HTML or JavaScript into issue attachments.
Which versions of Atlassian Jira are affected by CVE-2020-4022?
Atlassian Jira Server and Data Center before version 8.5.5, from version 8.6.0 to 8.8.2, and from version 8.9.0 to 8.9.1 are affected.
What is the severity of CVE-2020-4022?
The severity of CVE-2020-4022 is medium with a CVSS score of 6.1.
How can I fix CVE-2020-4022 in Atlassian Jira?
To fix CVE-2020-4022 in Atlassian Jira, update to version 8.5.5 or higher for Jira Server and Data Center, or to a version higher than 8.9.1 for Jira Server and Data Center.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.6.0
- version/atlassian jira data center/8.9.0
- canonical/atlassian jira server
- version/atlassian jira server/8.6.0
- version/atlassian jira server/8.9.0
- canonical/atlassian jira software data center