A vulnerability was found in Atlassian Jira Service Desk Server and Data Center up to 4.11.x (Bug Tracking Software). It has been declared as problematic. This vulnerability affects an unknown code block of the component Project Request Type Handler.
Atlassian’s Data Center products give you all the features you’d find in Server, but with more control over your data, more flexibility in your infrastructure, and more support for large or growing teams. In addition to these existing features, we’re continuing to make more investments and improvements in Data Center that meet the unique needs of large and complex organizations. For these reasons and more, Data Center is a great choice for enterprises.
The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200 . As an impact it is known to affect confidentiality.
As an impact it is known to affect confidentiality.
The weakness was released 09/21/2020. The advisory is shared for download at jira.atlassian.com .
This vulnerability was named CVE-2020-14180 since 06/16/2020. The attack can be initiated remotely. There are neither technical details nor an exploit publicly available.
Upgrading to version 4.12.0 eliminates this vulnerability.