Jira Service Desk
CVE-2020-14180
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.
AnalysisAI
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. Affected products include: Atlassian Jira Service Desk. Version information: version 4.12.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Jira Service Desk
View allA vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Fil
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remo
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.1
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administ
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user w
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong ima
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today