What is CVE-2020-14181?

CVE-2020-14181 is a vulnerability in Atlassian Jira Server. Published 2020-09-17.

Is CVE-2020-14181 known to be exploited?

58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Jira Server

CVE-2020-14181

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, f…

EPSS: 0.930 (99.8th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Server — versions unspecified, 8.0.0, 8.6.0

Public proof-of-concept exploits

Rival420/CVE-2020-14181
bk-rao/CVE-2020-14181
und3sc0n0c1d0/UserEnumJira
rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
Drajoncr/AttackWebFrameworkTools
Elsfa7-110/kenzer-templates

References

jira.atlassian.com/browse/JRASERVER-71560 (x_refsource_MISC)
packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-14181?: CVE-2020-14181 is a vulnerability in Atlassian Jira Server. Published 2020-09-17.
Is CVE-2020-14181 known to be exploited?: 58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.