CVE-2020-14179: Unauthenticated Information Disclosure Vulnerability in Jira
Who Am I?
I’m a Security Researcher actively participating in bug bounty programs, particularly on HackerOne. In 2022, I ranked 60th globally on the HackerOne leaderboard, and I am always excited to share my experiences and findings with the community. You can view my ranking [here](insert link), and for more tips on bug hunting, feel free to follow me on Twitter: @bughuntar.
Overview of CVE-2020-14179
CVE-2020-14179 is a critical Information Disclosure vulnerability affecting specific versions of Atlassian Jira Server and Jira Data Center. The vulnerability allows unauthenticated attackers to disclose sensitive information, specifically custom field names and custom SLA names, via a vulnerable endpoint. The affected versions are:
- Before version 8.5.8
- From version 8.6.0 to before 8.11.1
This vulnerability resides in the /secure/QueryComponent!Default.jspa endpoint and is primarily a risk for organizations running outdated versions of Jira.
Discovery Process
My approach to finding vulnerabilities usually involves scanning a wild domain with security tools, and today was no different. I was testing a domain using Nuclei, a popular security vulnerability scanner, when I stumbled upon this specific CVE-2020-14179 vulnerability.
Nuclei performed a quick scan, and the vulnerability popped up as part of the results. It’s always exciting when a scan reveals something so significant, especially when it directly impacts such a widely used tool like Jira.
Proof of Concept (PoC)
Here’s a simple PoC demonstrating the vulnerability:
Exploit URL:
https://gjira.redacted.com/secure/QueryComponent!Default.jspa
By accessing this endpoint on affected Jira instances, unauthenticated attackers can retrieve sensitive information such as:
- Custom field names
- Custom SLA names
This data can provide valuable insights for an attacker, especially if used as part of a broader exploitation strategy, such as privilege escalation or unauthorized access to sensitive project data.
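On the defensive side, requests to this endpoint stand out in web server logs. The following is an added example, not part of the original write-up: it finds requests to the endpoint in access logs, including percent-encoded and context-path variants. It assumes Apache/nginx "combined" log format from a reverse proxy in front of Jira; the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the write-up above.
ENDPOINT = "/secure/QueryComponent!Default.jspa"

# Assumption: "combined" access log format written by a reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /secure/QueryComponent%21Default.jspa?x=1 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.9 - - [12/Mar/2024:10:02:00 +0000] "GET /jira//secure/QueryComponent!Default.jspa;jsessionid=abc HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.4 - - [12/Mar/2024:10:03:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def normalize_path(target):
    """Decode a request target to a bare path so encoded variants compare equal."""
    path = target.split("?", 1)[0]      # drop the query string first
    path = unquote(path)                # "%21" -> "!"
    path = path.split(";", 1)[0]        # drop ";jsessionid=..." path parameters
    return re.sub(r"/{2,}", "/", path)  # collapse repeated slashes

def find_endpoint_hits(lines):
    """Map client IP -> [(timestamp, status)] for requests to ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        # endswith() also matches Jira deployed under a context path such as /jira
        if m and normalize_path(m["target"]).endswith(ENDPOINT):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def answered_ok(hits):
    """Client IPs that received at least one HTTP 200 from the endpoint."""
    return sorted(ip for ip, reqs in hits.items() if any(s == 200 for _, s in reqs))

if __name__ == "__main__":
    for ip, reqs in find_endpoint_hits(SAMPLE_LOG).items():
        print(ip, reqs)
```

A 200 response only shows that the endpoint answered; whether field names were disclosed depends on the instance running one of the affected versions listed above.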
Conclusion
I’m thrilled to have discovered this vulnerability, and while I don’t yet know the full outcome or bounty for this finding, I’m grateful for the learning experience and excited to see how it progresses. It’s a reminder that bug hunting often brings unexpected discoveries, and even small vulnerabilities can have a huge impact.
As I reflect on this, I’m grateful for the opportunity to contribute to the cybersecurity community. Alhamdulillah — I am thankful for this discovery, and I look forward to continuing my journey in the bug bounty space.
Follow Me
You can stay updated with my bug bounty tips, cybersecurity insights, and personal discoveries on the following platforms:
- Website: https://bughuntar.com
- Facebook: https://facebook.com/bughuntar
- Twitter: https://twitter.com/bughuntar
- Telegram: https://t.me/bughuntar
- YouTube: https://youtube.com/bughuntar
- Medium: https://bughuntar.medium.com
- LinkedIn: https://www.linkedin.com/in/SoftwareDeveloperSagor
Feel free to reach out for discussions, collaborations, or questions related to bug hunting and security research!