Vulnerability in Atlassian Jira Server

CVE-2020-14179

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpo…

EPSS: 0.926 (99.8th percentile)

Affected products

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-14179?
CVE-2020-14179 is a vulnerability in Atlassian Jira Server. It was published on 2020-09-21.

Is CVE-2020-14179 known to be exploited?
30 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.