QID 730198

Date Published: 2021-09-20

QID 730198: Atlassian Jira Server and Data Center Broken Access Control Vulnerability (JRASERVER-72618)

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

CVE-2019-20101: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability.

Affected version:
Atlassian Jira Server and Data Center version prior to 8.13.3
Atlassian Jira Server and Data Center version from 8.14.0 prior to 8.14.1

QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.

Successful exploitation of this vulnerability may allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability.

  • CVSS V3 rated as Medium - 5.3 severity.
  • CVSS V2 rated as Medium - 5 severity.
  • Solution
    Customers are advised to refer to JRASERVER-72618 for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 730198

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-72618 URL Logo jira.atlassian.com/browse/JRASERVER-72618