CVE 2020 14179 on jira instance

**Summary:** An remote attacker can view the custom sla fields used in the jira instance and also can use the sla fields to make a jql query. ## Impact Information disclosure of the custom sla fields, senstive information leakage throught he jql query parameter Read more about the impact here: https://jira.atlassian.com/browse/JRASERVER-71536 ## Step-by-step Reproduction Instructions Copy the url mentioned below and paste it over the browser to see the name of the sla fields. https://███████.mil/jira/secure/QueryComponent!Default.jspa Use this url to check the execution of jql query. https://███.mil/jira/secure/QueryComponent!Jql.jspa?jql=reporter=███████ ## Product, Version, and Configuration (If applicable) ## Suggested Mitigation/Remediation Actions ## Impact An attacker can make a jql query using the custom sla fields used in the web app. And also there are broken authentication. The endpoint is not califatong if the user or viewer is authenticated on not. https://jira.atlassian.com/browse/JRASERVER-71536