Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-71175 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-06-17T00:00:00
Updated: 2020-06-23T12:55:12
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4028
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-23T13:15:17.760
Modified: 2020-07-08T14:26:25.577
Link: CVE-2020-4028
JSON object: View
Redhat Information
No data.
CWE