What is CVE-2019-20897?

CVE-2019-20897 is a medium-severity vulnerability in Atlassian Jira, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.5/10. Published 2020-07-13.

How severe is CVE-2019-20897?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Arbitrary file upload in Atlassian Jira

CVE-2019-20897

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before…

Vulnerability class: Unrestricted File Upload

EPSS: 0.019 (76.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Atlassian Jira
Atlassian Jira_data_center
Atlassian Jira Server — versions unspecified, 8.6.0, unspecified
Atlassian Jira_server
Atlassian Jira_software_data_center

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

security@atlassian.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2019-20897?: CVE-2019-20897 is a medium-severity vulnerability in Atlassian Jira, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.5/10. Published 2020-07-13.
How severe is CVE-2019-20897?: Medium severity. CVSS v3 base score is 6.5 out of 10.