CVE-2020–14179: Unauthenticated Information Disclosure Vulnerability in Jira

Professor Software Solutions
3 min readMar 29, 2023

--

Who Am I?

I’m a Security Researcher actively participating in bug bounty programs, particularly on HackerOne. In 2022, I ranked 60th globally on the HackerOne leaderboard, and I am always excited to share my experiences and findings with the community. You can view my ranking [here](insert link), and for more tips on bug hunting, feel free to follow me on Twitter: @bughuntar.

Overview of CVE-2020–14179

CVE-2020–14179 is a critical Information Disclosure vulnerability affecting specific versions of Atlassian Jira Server and Jira Data Center. The vulnerability allows unauthenticated attackers to disclose sensitive information, specifically custom field names and custom SLA names, via a vulnerable endpoint. The affected versions are:

  • Before version 8.5.8
  • From version 8.6.0 to before 8.11.1

This vulnerability resides in the /secure/QueryComponent!Default.jspa endpoint and is primarily a risk for organizations running outdated versions of Jira.

Discovery Process

My approach to finding vulnerabilities usually involves scanning a wild domain with security tools, and today was no different. I was testing a domain using Nuclei, a popular security vulnerability scanner, when I stumbled upon this specific CVE-2020–14179 vulnerability.

Nuclei performed a quick scan, and the vulnerability popped up as part of the results. It’s always exciting when a scan reveals something so significant, especially when it directly impacts such a widely used tool like Jira.

Proof of Concept (PoC)

Here’s a simple PoC demonstrating the vulnerability:

Exploit URL:

https://gjira.redacted.com/secure/QueryComponent!Default.jspa

By accessing this endpoint on affected Jira instances, unauthenticated attackers can retrieve sensitive information such as:

  • Custom field names
  • Custom SLA names

This data can provide valuable insights for an attacker, especially if used as part of a broader exploitation strategy, such as privilege escalation or unauthorized access to sensitive project data.

Conclusion

I’m thrilled to have discovered this vulnerability, and while I don’t yet know the full outcome or bounty for this finding, I’m grateful for the learning experience and excited to see how it progresses. It’s a reminder that bug hunting often brings unexpected discoveries, and even small vulnerabilities can have a huge impact.

As I reflect on this, I’m grateful for the opportunity to contribute to the cybersecurity community. Alhamdulillah — I am thankful for this discovery, and I look forward to continuing my journey in the bug bounty space.

Follow Me

You can stay updated with my bug bounty tips, cybersecurity insights, and personal discoveries on the following platforms:

Feel free to reach out for discussions, collaborations, or questions related to bug hunting and security research!

--

--

Professor Software Solutions
Professor Software Solutions

Written by Professor Software Solutions

Bug Bounty Hunter at HackerOne Inc | Cybersecurity Enthusiast | Passionate About Finding Vulnerabilities and Enhancing Online Security | https://x.com/bughuntar

Responses (2)