Overview
- Description
- Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.
- Source
- security@atlassian.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:data_center:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4E14497-BE54-41E5-BE0C-C9CB84D2A2C9",
"versionEndExcluding": "7.13.18"
},
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E43F04A4-FFD8-4EF0-A64B-67A7390FBE9B",
"versionEndExcluding": "7.13.18"
},
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:data_center:*:*:*",
"vulnerable": true,
"matchCriteriaId": "747BDDBB-A75C-48C7-A907-3514EA0AE9ED",
"versionEndExcluding": "8.5.9",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5C7FD5B-E968-4162-AAE6-872577B08A25",
"versionEndExcluding": "8.5.9",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:data_center:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C55C6477-FB8F-4B94-85C4-EE765B0FBC54",
"versionEndExcluding": "8.12.1",
"versionStartIncluding": "8.6.0"
},
{
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B53EB7A4-2303-4F3C-A6C1-58E4DC85BEB2",
"versionEndExcluding": "8.12.1",
"versionStartIncluding": "8.6.0"
}
],
"operator": "OR"
}
]
}
]