CVE-2020-4028
First published: Tue Jun 23 2020(Updated: )
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.9.1 | |
| Atlassian Jira Software Data Center | <8.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4028?
CVE-2020-4028 is a vulnerability in Jira versions before 8.9.1 that allows unauthenticated attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
How does CVE-2020-4028 affect Jira?
CVE-2020-4028 affects Jira versions before 8.9.1 by allowing unauthenticated attackers to determine the existence of certain resources.
What is the severity of CVE-2020-4028?
The severity of CVE-2020-4028 is medium with a CVSS score of 5.3.
Which versions of Jira are affected by CVE-2020-4028?
Jira versions before 8.9.1 are affected by CVE-2020-4028.
Is there a fix for CVE-2020-4028?
Yes, upgrading Jira to version 8.9.1 or higher will fix CVE-2020-4028.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira software data center