Improper Authentication Vulnerability in Atlassian Jira Server and Data Center Allows Information Enumeration

Improper Authentication Vulnerability in Atlassian Jira Server and Data Center Allows Information Enumeration

CVE-2019-20412 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Learn more about our Cis Benchmark Audit For Server Software.