HTTP: Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure

This signature detects attempts to exploit a known vulnerability against Atlassian Jira Server and Data Center. A successful attack can lead to sensitive information disclosure.

Extended Description

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
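An added triage example, not part of the signature or of Atlassian's code: it checks a Jira version string against the ranges stated above and counts unauthenticated requests to the endpoint in an access log. The combined log format, the `-` marker for "no logged user", and all function names and sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Affected ranges as stated in the description above, as [low, high) tuples.
AFFECTED_RANGES = [
    ((0, 0, 0), (7, 13, 6)),    # before 7.13.6
    ((8, 0, 0), (8, 5, 7)),     # from 8.0.0 before 8.5.7
    ((8, 6, 0), (8, 12, 0)),    # from 8.6.0 before 8.12.0
]

def parse_version(text):
    """Turn '8.5.3' or '8.5' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    return any(low <= v < high for low, high in AFFECTED_RANGES)

# Assumed log layout: combined format (host ident authuser [time] "request" status size).
REQUEST = re.compile(
    r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3}')

def hover_requests(lines):
    """Count ViewUserHover.jspa requests per client that carry no logged user."""
    hits = Counter()
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, user, target = m.groups()
        path = target.split("?", 1)[0].lower()   # ignore query string and case
        if path.endswith("/viewuserhover.jspa") and user == "-":
            hits[client] += 1
    return hits

# Constructed sample lines (documentation-range addresses), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Dec/2020:10:00:01 +0000] "GET /ViewUserHover.jspa HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Dec/2020:10:00:02 +0000] "GET /ViewUserHover.jspa HTTP/1.1" 200 498',
    '203.0.113.9 - alice [03/Dec/2020:10:01:10 +0000] "GET /ViewUserHover.jspa HTTP/1.1" 200 530',
    '198.51.100.7 - - [03/Dec/2020:10:02:00 +0000] "GET /browse/DEMO-1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for v in ("7.13.5", "8.5.7", "8.11.1", "8.12.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(dict(hover_requests(SAMPLE_LOG)))
```
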

Affected Products

Atlassian jira_server

References

CVE: CVE-2020-14181

Short Name
HTTP:CTS:ATLASN-VIEWUSR-ID
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Atlassian CVE-2020-14181 Center Data Disclosure Information Jira Server ViewUserHover.jspa and
Release Date
12/03/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Atlassian

CVSS Score

5.0
