Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Medium
Vulnerability Details
Description:
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
## Impact
https://jira.atlassian.com/browse/JRASERVER-71536
https://hackerone.com/reports/1003980
## System Host(s)
████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-14179
## Steps to Reproduce
Step-by-step Reproduction Instructions
URL: https://██████/jira//secure/QueryComponent!Default.jspa
## Suggested Mitigation/Remediation Actions
Actions
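A defender-side check for the request described in this report, as an added example that is not part of the original report or of Atlassian's tooling: it scans web access logs for successful anonymous requests to the endpoint, normalising the doubled slash seen in the report's URL along with percent-encoding and path parameters. It assumes logs in Combined Log Format whose user field carries the authenticated username and is `-` for anonymous requests; the function names and the sample lines are constructed for illustration.

```python
import re

# Endpoint named in the report, matched after normalisation under any context path.
ENDPOINT = "/secure/querycomponent!default.jspa"

# Combined Log Format (assumption: this is the format your logs use).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def percent_decode(text):
    """Decode %XX escapes once (ASCII only, enough for matching the path)."""
    return re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def normalise_path(target):
    """Drop the query string, decode escapes, strip ;params, collapse slashes.
    Lowercasing is deliberately permissive: it is only used for matching."""
    path = percent_decode(target.split("?", 1)[0])
    path = re.sub(r";[^/]*", "", path)
    return re.sub(r"/{2,}", "/", path).lower()

def find_anonymous_hits(lines):
    """Return (timestamp, client_ip, raw_target) for anonymous 200 responses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise_path(m["target"]).endswith(ENDPOINT):
            continue
        # "-" in the user field means no authenticated user was logged.
        # Only successful responses are reported; other statuses are ignored.
        if m["user"] == "-" and m["status"] == "200":
            hits.append((m["ts"], m["ip"], m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2021:09:12:01 +0000] "GET /jira//secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Apr/2021:09:12:02 +0000] "GET /secure/QueryComponent%21Default.jspa?x=1 HTTP/1.1" 200 5120',
    '198.51.100.4 - alice [10/Apr/2021:09:13:00 +0000] "GET /jira/secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120',
    '192.0.2.9 - - [10/Apr/2021:09:14:00 +0000] "GET /jira/secure/QueryComponent!Default.jspa HTTP/1.1" 302 0',
    '192.0.2.9 - - [10/Apr/2021:09:14:05 +0000] "GET /jira/secure/Dashboard.jspa HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ts, ip, target in find_anonymous_hits(SAMPLE_LOG):
        print(f"{ts} {ip} anonymous 200 on {target}")
```
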
Report Stats
- Report ID: 1153817
- State: Closed
- Substate: resolved
- Upvotes: 7