| Vulnerability Name: | CVE-2020-14184 |
| Assigned: | 2020-10-12 |
| Published: | 2020-10-12 |
| Updated: | 2022-03-25 |
| Summary: | Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.
|
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None |
5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-79
|
| References: | Source: MITRE
Type: CNA
CVE-2020-14184
Source: MISC
Type: Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-71652
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:atlassian:jira:*:*:*:*:*:*:*:* (Version < 8.5.9)OR cpe:/a:atlassian:jira_server:*:*:*:*:*:*:*:* (Version >= 8.6.0 and < 8.12.3)OR cpe:/a:atlassian:jira_server:8.13.0:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |