fkie_nvd - fkie_cve-2020-36234

fkie_cve-2020-36234

Vulnerability from fkie_nvd

Published

2021-02-15 00:15

Modified

2024-11-21 05:29

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

References

▼	URL	Tags
	security@atlassian.com	https://jira.atlassian.com/browse/JRASERVER-72059	Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://jira.atlassian.com/browse/JRASERVER-72059	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
atlassian	data_center	*
atlassian	data_center	*
atlassian	jira	*
atlassian	jira_data_center	*
atlassian	jira_server	*
atlassian	jira_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2823995C-7B02-4318-8B9D-3F9659F2B0CB",
              "versionEndExcluding": "8.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23CA57C4-72B6-465C-8EC1-0C00A9A67877",
              "versionEndExcluding": "8.13.3",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC31C8A-7C3A-497D-8B93-186A4BB78177",
              "versionEndExcluding": "8.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF44ED6-2346-4FF8-8AFF-67A4E3BFF69D",
              "versionEndExcluding": "8.15.0",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54CAA007-B086-4422-AB45-35A561CCD894",
              "versionEndExcluding": "8.13.3",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0005F9-7748-4F24-927E-6789D415E0CD",
              "versionEndExcluding": "8.15.0",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la vista Screens Modal.\u0026#xa0;Las versiones afectadas son anteriores a la versi\u00f3n 8.5.11, desde la versi\u00f3n 8.6.0 anteriores a 8.13.3 y desde la versi\u00f3n 8.14.0 anteriores a 8.15.0"
    }
  ],
  "id": "CVE-2020-36234",
  "lastModified": "2024-11-21T05:29:06.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-15T00:15:12.307",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-72059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-72059"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-36234

Vulnerability from cvelistv5

Published

2021-02-15 00:00

Modified

2024-09-16 16:18

Severity ?

Summary

References

▼	URL	Tags
	https://jira.atlassian.com/browse/JRASERVER-72059	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Atlassian

Jira Server

Version: unspecified   < 8.5.11
Version: 8.6.0   < unspecified
Version: unspecified   < 8.13.3
Version: 8.14.0   < unspecified
Version: unspecified   < 8.15.0

Atlassian

Jira Data Center

Version: unspecified   < 8.5.11
Version: 8.6.0   < unspecified
Version: unspecified   < 8.13.3
Version: 8.14.0   < unspecified
Version: unspecified   < 8.15.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-72059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.5.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.15.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.5.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.15.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-15T00:00:15",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-72059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-02-04T00:00:00",
          "ID": "CVE-2020-36234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.5.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.15.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.5.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.15.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-72059",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-72059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-36234",
    "datePublished": "2021-02-15T00:00:15.314287Z",
    "dateReserved": "2021-01-27T00:00:00",
    "dateUpdated": "2024-09-16T16:18:31.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted