Home

CVE-2020-14174

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.139

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Atlassian Jira 8.9.1Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2Windows
Vulnerabilities CVE-2020-14174 are affected in Atlassian Jira Core Data Center 8.10.0Windows
Vulnerabilities CVE-2020-14174,CVE-2020-14178,CVE-2020-14179 are affected in Atlassian Jira Core Data Center 8.5.6Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234