CVE-2020-14178 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-14178

CWE

https://cwe.mitre.org/data/definitions/.html

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.

Affected Software

Name	Vendor	Start Version	End Version
Jira	Atlassian	*	7.13.7 (excluding)
Jira_data_center	Atlassian	8.0.0 (including)	8.5.8 (excluding)
Jira_data_center	Atlassian	8.6.0 (including)	8.12.0 (excluding)
Jira_server	Atlassian	8.0.0 (including)	8.5.8 (excluding)
Jira_server	Atlassian	8.6.0 (including)	8.12.0 (excluding)
Jira_software_data_center	Atlassian	*	7.13.7 (excluding)

References

https://jira.atlassian.com/browse/JRASERVER-71498
https://jira.atlassian.com/browse/JRASERVER-71498