From 4d498df294c3a202ee8f6a669cfa89f2f851e268 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 21 Sep 2020 01:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/14xxx/CVE-2020-14179.json | 136 +++++++++++++++++---------------- 2020/14xxx/CVE-2020-14180.json | 120 +++++++++++++++-------------- 2 files changed, 130 insertions(+), 126 deletions(-) diff --git a/2020/14xxx/CVE-2020-14179.json b/2020/14xxx/CVE-2020-14179.json index 0c2a339581d..f27bde70036 100644 --- a/2020/14xxx/CVE-2020-14179.json +++ b/2020/14xxx/CVE-2020-14179.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-09-11T00:00:00", - "ID": "CVE-2020-14179", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.5.8", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.11.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-09-11T00:00:00", + "ID": "CVE-2020-14179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.8", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.11.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-71536" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-71536", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-71536" + } + ] + } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14180.json b/2020/14xxx/CVE-2020-14180.json index 4c98984c84e..dfe8680eba6 100644 --- a/2020/14xxx/CVE-2020-14180.json +++ b/2020/14xxx/CVE-2020-14180.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-07-02T00:00:00", - "ID": "CVE-2020-14180", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Service Desk Server", - "version": { - "version_data": [ - { - "version_value": "4.12.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Broken Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-07-02T00:00:00", + "ID": "CVE-2020-14180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Service Desk Server", + "version": { + "version_data": [ + { + "version_value": "4.12.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JSDSERVER-6917" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JSDSERVER-6917", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JSDSERVER-6917" + } + ] + } } \ No newline at end of file