CVE-2020-4028

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-71175 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*

Information

Published : 2020-06-23 01:15

Updated : 2020-07-08 02:26


NVD link : CVE-2020-4028

Mitre link : CVE-2020-4028

Products Affected
No products.
CWE