Patch for Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint – CVE-2020-14179
Accxia's free-of-charge fix
We have created an app to patch this security issue, since it is still not solved even in the latest Jira versions. Simply install the app and the security issue CVE-2020-14179 is fixed in your instance.
For users who are not logged in, this fix blocks access to any URL containing “QueryComponent!”.
The app does not read or store any data.
Here you can download the patch!
When developing a fix/patch we saw that not only
is exposing this data.
Any URL containing “QueryComponent!Default.jspa” works.
In addition, /secure/QueryComponent!Jql.jspa might be affected too.
It does not return data, but it probably executes the JQL query. I do not have the source code but according to
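An added example, not part of the original page or of the app's code: a Python audit that lists anonymous requests whose decoded URL contains the “QueryComponent!” marker and that were still served with a 2xx status, which is what the blocking rule described above should prevent. The Common Log Format layout, the `-` user field for anonymous requests and the sample lines are assumptions constructed for illustration.

```python
"""Audit an access log for anonymous requests the blocking rule should stop."""
import re
from urllib.parse import unquote

MARKER = "QueryComponent!"  # substring the fix matches on, per the page

# Assumed layout (Common Log Format):
# host ident user [time] "METHOD url PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def matches_rule(url: str) -> bool:
    """True if the URL contains the marker once percent-encoding is decoded."""
    return MARKER in unquote(url)

def audit(lines):
    """Return (host, url, status) for anonymous marker requests that were served."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        anonymous = m["user"] == "-"          # assumption: "-" means not logged in
        served = m["status"].startswith("2")  # 2xx means the request was answered
        if anonymous and served and matches_rule(m["url"]):
            findings.append((m["host"], m["url"], int(m["status"])))
    return findings

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2020:10:00:00 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120',
    '192.0.2.11 - alice [01/Oct/2020:10:00:05 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Oct/2020:10:00:09 +0000] "GET /secure/QueryComponent%21Jql.jspa HTTP/1.1" 200 64',
    '192.0.2.13 - - [01/Oct/2020:10:00:12 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 403 0',
    '192.0.2.14 - - [01/Oct/2020:10:00:20 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for host, url, status in audit(SAMPLE_LOG):
        print(f"anonymous request served: {host} {url} -> {status}")
```

An empty result on a log taken after the fix is installed indicates that anonymous requests matching the marker are no longer being answered; adjust `LINE_RE` to the log format your instance actually writes.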