{"containers": {"cna": {"affected": [{"product": "Jira Server", "vendor": "Atlassian", "versions": [{"lessThan": "7.13.6", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.0.0", "versionType": "custom"}, {"lessThan": "8.5.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"lessThan": "8.9.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.10.0", "versionType": "custom"}, {"lessThan": "8.10.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1."}], "problemTypes": [{"descriptions": [{"description": "Insecure Direct Object References (IDOR)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-13T04:45:13", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-71275"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2020-07-08T00:00:00", "ID": "CVE-2020-14174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Server", "version": {"version_data": [{"version_affected": "<", "version_value": "7.13.6"}, {"version_affected": ">=", "version_value": "8.0.0"}, {"version_affected": "<", "version_value": "8.5.7"}, {"version_affected": ">=", "version_value": "8.6.0"}, {"version_affected": "<", "version_value": "8.9.2"}, {"version_affected": ">=", "version_value": "8.10.0"}, {"version_affected": "<", "version_value": "8.10.1"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Direct Object References (IDOR)"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-71275", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-71275"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.196Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-71275"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2020-14174", "datePublished": "2020-07-13T04:45:13.167764Z", "dateReserved": "2020-06-16T00:00:00", "dateUpdated": "2024-09-16T20:31:56.101Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB024412-F7F7-4F32-A14C-91997AE99B17", "versionEndExcluding": "7.13.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F6F4D92-50B2-4834-9458-9D3FCB22E292", "versionEndExcluding": "8.5.7", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2E5D8F1-E892-4C7B-86E3-C3D71643D8E4", "versionEndExcluding": "8.9.2", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D3F7A68-9FA8-429A-B060-FE6250AADFAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "02038437-F649-42CD-AEF6-730862241452", "versionEndExcluding": "8.5.7", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8433757-D455-458D-A82C-2C488FBDF58F", "versionEndExcluding": "8.9.2", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A1DE42A-2CAD-4681-8BB3-6BDA956A4D4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC5C067-DF59-4387-8B1B-040E01150424", "versionEndExcluding": "7.13.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos visualizar t\u00edtulos de un proyecto privado por medio de una vulnerabilidad de Referencia Directa a Objetos No Segura (IDOR) en el Administration Permission Helper. Las versiones afectadas son anteriores a versi\u00f3n 7.13.6, desde versi\u00f3n 8.0.0 anteriores a  8.5.7, desde versi\u00f3n 8.6.0 anteriores a 8.9.2 y desde versi\u00f3n 8.10.0 anteriores a 8.10.1"}], "id": "CVE-2020-14174", "lastModified": "2024-11-21T05:02:47.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-13T05:15:11.057", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-71275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-71275"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}