CVE-2019-20899
CVE-2019-20899 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. EPSS estimates a 2.14% chance of exploitation in the next 30 days.
Description
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 8.5.4 |
| Atlassian | Jira Data Center | >= 8.5.5, < 8.6.1 |
| Atlassian | Jira Data Center | >= 8.6.2, < 8.7.0 |
| Atlassian | Jira Server | >= 8.5.5, < 8.6.1 |
| Atlassian | Jira Server | >= 8.6.2, < 8.7.0 |
| Atlassian | Jira Software Data Center | < 8.5.4 |
References
- https://jira.atlassian.com/browse/JRASERVER-70808 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
