Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179

##Summary: Information Disclosure vulnerability in outdated Jira. ##Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. ## Step-by-step Reproduction Instructions 1.Go to https://███/secure/QueryComponent!Default.jspa to view exposed information in any web browser. ## Product, Version, and Configuration The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. ## Suggested Mitigation/Remediation Actions Update affected Jira version according to vendor instructions. ## Impact Unauthenticated attackers to view custom Jira field names and custom SLA names.