Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2020-14173

Published

3 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1..

CVSSv2.0 Score

Severity: Low
Base Score: 3.5/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: Single
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 5.4/10
Exploit Score: 2.3/10
Access Vector: Network
Access Complexity: Low
Privileges Required: Low
Impact Score: 2.7/10
Confidentiality Impact: Low
Availability Impact: None
Integrity Impact: Low
Scope: Changed
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:atlassian:jira::::::::	Yes	-	8.5.4
cpe:2.3:a:atlassian:jira_software_data_center:::::::*:	Yes	-	8.5.4
cpe:2.3:a:atlassian:jira_server::::::::	Yes	8.7.0	8.7.1
cpe:2.3:a:atlassian:jira_server::::::::	Yes	8.6.0	8.6.2
cpe:2.3:a:atlassian:jira_data_center::::::::	Yes	8.6.0	8.6.2
cpe:2.3:a:atlassian:jira_data_center::::::::	Yes	8.7.0	8.7.1

References

https://jira.atlassian.com/browse/JRASERVER-70814