CVE-2020-14167

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://jira.atlassian.com/browse/JRASERVER-71197	Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-71197	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:atlassian:jira::::::::
	cpe:2.3:a:atlassian:jira_data_center::::::::
	cpe:2.3:a:atlassian:jira_data_center::::::::
	cpe:2.3:a:atlassian:jira_data_center::::::::
	cpe:2.3:a:atlassian:jira_server::::::::
	cpe:2.3:a:atlassian:jira_server::::::::
	cpe:2.3:a:atlassian:jira_server::::::::
	cpe:2.3:a:atlassian:jira_software_data_center::::::::

History

21 Nov 2024, 05:02

Type	Values Removed	Values Added
References	~~() https://jira.atlassian.com/browse/JRASERVER-71197 - Vendor Advisory~~	() https://jira.atlassian.com/browse/JRASERVER-71197 - Vendor Advisory

30 Mar 2022, 13:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:atlassian:jira_data_center::::::::

25 Mar 2022, 17:18

Type	Values Removed	Values Added
CPE		cpe:2.3:a:atlassian:jira_server::::::::

Information

Published : 2020-07-01 02:15

Updated : 2024-11-21 05:02

NVD link : CVE-2020-14167

Mitre link : CVE-2020-14167

CVE.ORG link : CVE-2020-14167

JSON object : View

Products Affected

atlassian

jira
jira_server
jira_data_center
jira_software_data_center

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-14167", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-01T02:15:11.897", "references": [{"url": "https://jira.atlassian.com/browse/JRASERVER-71197", "tags": ["Vendor Advisory"], "source": "security@atlassian.com"}, {"url": "https://jira.atlassian.com/browse/JRASERVER-71197", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability."}, {"lang": "es", "value": "El recurso MessageBundleResource en Jira Server y Data Center versiones anteriores a 7.13.4, desde versiones 8.5.0 anteriores a 8.5.5, desde versiones 8.8.0 anteriores a 8.8.2 y desde versiones 8.9.0 anteriores a 8.9.1, permite a atacantes remotos impactar la disponibilidad de la aplicaci\u00f3n por medio de una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS)"}], "lastModified": "2024-11-21T05:02:47.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C37B767-CBE4-4E98-9FB8-90020424EFE4", "versionEndExcluding": "7.13.14"}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75CC108C-2D1D-4BE0-B0F2-3013E31605C4", "versionEndExcluding": "8.5.5", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "547F1523-AD76-4557-820B-7CB0AD0F9659", "versionEndExcluding": "8.8.2", "versionStartIncluding": "8.8.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74AEEBB1-3786-457D-891D-926DB7A4FDBB", "versionEndExcluding": "8.9.1", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEB10566-CCFE-4C65-8AB7-C11BD071AD6D", "versionEndExcluding": "8.5.5", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA7A5733-8237-44A3-B6EA-06E6855A89DD", "versionEndExcluding": "8.8.2", "versionStartIncluding": "8.8.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29550345-AC18-4BA4-9632-7750F21CCD58", "versionEndExcluding": "8.9.1", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A3E98A-DE12-41BB-BF8A-B7D20EC46614", "versionEndExcluding": "7.13.14"}], "operator": "OR"}]}], "sourceIdentifier": "security@atlassian.com"}