Registering a Jira Server issue.

2025-06-12 02:05:39 +00:00 · 2020-07-13 14:43:02 +10:00 · 2020-07-13 14:43:02 +10:00 · 8ec765cfd5
commit 8ec765cfd5
parent b2202b84f5
1 changed files with 83 additions and 15 deletions
--- a/2020/14xxx/CVE-2020-14174.json
+++ b/2020/14xxx/CVE-2020-14174.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-14174",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "security@atlassian.com",
+      "DATE_PUBLIC": "2020-07-08T00:00:00",
+      "ID": "CVE-2020-14174",
+      "STATE": "PUBLIC"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Jira Server",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "7.13.6",
+                                 "version_affected": "<"
+                              },
+                              {
+                                 "version_value": "8.0.0",
+                                 "version_affected": ">="
+                              },
+                              {
+                                 "version_value": "8.5.7",
+                                 "version_affected": "<"
+                              },
+                              {
+                                 "version_value": "8.6.0",
+                                 "version_affected": ">="
+                              },
+                              {
+                                 "version_value": "8.9.2",
+                                 "version_affected": "<"
+                              },
+                              {
+                                 "version_value": "8.10.0",
+                                 "version_affected": ">="
+                              },
+                              {
+                                 "version_value": "8.10.1",
+                                 "version_affected": "<"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Atlassian"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1."
+         }
+      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Insecure Direct Object References (IDOR)"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://jira.atlassian.com/browse/JRASERVER-71275"
+         }
+      ]
+   }
+}