CVE-2019-20899 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-20899

CWE

https://cwe.mitre.org/data/definitions/.html

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

Affected Software

Name	Vendor	Start Version	End Version
Jira	Atlassian	*	8.5.4 (excluding)
Jira_data_center	Atlassian	8.5.5 (including)	8.6.1 (excluding)
Jira_data_center	Atlassian	8.6.2 (including)	8.7.0 (excluding)
Jira_server	Atlassian	8.5.5 (including)	8.6.1 (excluding)
Jira_server	Atlassian	8.6.2 (including)	8.7.0 (excluding)
Jira_software_data_center	Atlassian	*	8.5.4 (excluding)

References

https://jira.atlassian.com/browse/JRASERVER-70808
https://jira.atlassian.com/browse/JRASERVER-70808