{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T06:16:09.850","vulnerabilities":[{"cve":{"id":"CVE-2019-14997","sourceIdentifier":"security@atlassian.com","published":"2019-09-11T14:15:11.447","lastModified":"2024-11-21T04:27:50.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN."},{"lang":"es","value":"La clase AccessLogFilter en Jira versiones anteriores a 8.4.0, permite a atacantes anónimos remotos saber detalles sobre otros usuarios, incluyendo su nombre de usuario, por medio de una exposición de información mediante la vulnerabilidad de almacenamiento en caché cuando Jira está configurado con un proxy inverso o un balanceador de carga con almacenamiento en caché o en un CDN."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@atlassian.com","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.13.0","versionEndExcluding":"8.4.0","matchCriteriaId":"59D9140F-4D4F-41D7-AE28-D2993E36AA94"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-69794","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-69794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}