ID CVSS Summary Last (major) update Published
CVE-2020-36232 4.0
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups a
02-03-2021 - 20:44 22-02-2021 - 21:15
CVE-2012-2926 6.4
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before
06-08-2020 - 16:05 22-05-2012 - 15:55
CVE-2019-15005 4.0
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message m
14-11-2019 - 21:15 08-11-2019 - 04:15
CVE-2012-2928 6.4
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (re
29-08-2017 - 01:31 22-05-2012 - 15:55
CVE-2020-14181 5.0
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version
27-03-2021 - 01:17 17-09-2020 - 01:15
CVE-2020-36234 3.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from v
18-02-2021 - 02:17 15-02-2021 - 00:15
CVE-2020-29451 4.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from ve
18-02-2021 - 17:16 15-02-2021 - 01:15
CVE-2021-26070 6.4
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions ar
26-03-2021 - 19:24 22-03-2021 - 05:15
CVE-2021-26069 5.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations
25-03-2021 - 20:15 22-03-2021 - 05:15
CVE-2020-36237 5.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are befor
18-02-2021 - 17:17 15-02-2021 - 00:15
CVE-2021-26071 3.5
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software co
05-04-2021 - 19:33 01-04-2021 - 03:15
CVE-2020-36238 5.0
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or n
06-04-2021 - 12:14 01-04-2021 - 03:15
CVE-2020-36286 5.0
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members
06-04-2021 - 12:18 01-04-2021 - 03:15
CVE-2020-36287 5.0
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related setting
14-04-2021 - 19:19 09-04-2021 - 02:15
CVE-2021-26075 4.0
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path o
21-04-2021 - 23:58 15-04-2021 - 00:15
CVE-2020-36288 4.3
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DO
21-04-2021 - 19:39 15-04-2021 - 00:15
CVE-2021-26076 4.3
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can per
22-04-2021 - 00:01 15-04-2021 - 00:15
CVE-2021-26068 9.0
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
26-02-2021 - 17:11 22-02-2021 - 21:15
CVE-2020-14183 4.0
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affect
19-10-2020 - 13:51 06-10-2020 - 23:15
CVE-2008-6531 6.8
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
17-08-2017 - 01:29 26-03-2009 - 21:00
CVE-2014-2313 4.3
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
10-03-2014 - 16:38 09-03-2014 - 13:16
CVE-2014-2314 4.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-0
29-07-2015 - 16:21 09-03-2014 - 13:16
CVE-2012-2927 4.0
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (r
29-08-2017 - 01:31 22-05-2012 - 15:55
CVE-2019-11586 4.3
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerabilit
27-08-2019 - 15:47 23-08-2019 - 14:15
CVE-2017-14594 4.3
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query
01-02-2018 - 20:17 12-01-2018 - 14:29
CVE-2019-11587 4.3
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (C
27-08-2019 - 15:47 23-08-2019 - 14:15
CVE-2017-16865 3.5
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to a
02-02-2018 - 15:24 17-01-2018 - 14:29
CVE-2019-11584 4.3
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.
26-08-2019 - 19:43 23-08-2019 - 14:15
CVE-2017-16863 4.3
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.
05-02-2018 - 14:51 18-01-2018 - 18:29
CVE-2019-11588 4.3
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request for
27-08-2019 - 15:46 23-08-2019 - 14:15
CVE-2016-4319 6.8
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
16-02-2018 - 02:29 10-04-2017 - 03:59
CVE-2017-16862 4.3
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
31-01-2018 - 18:08 12-01-2018 - 14:29
CVE-2019-11585 5.8
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a p
27-08-2019 - 15:52 23-08-2019 - 14:15
CVE-2013-5319 4.3
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/Del
21-08-2013 - 14:05 20-08-2013 - 14:55
CVE-2017-16864 4.3
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
31-01-2018 - 18:32 12-01-2018 - 14:29
CVE-2016-4318 3.5
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
16-02-2018 - 02:29 10-04-2017 - 03:59
CVE-2019-11583 4.0
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".
24-08-2020 - 17:37 26-06-2019 - 16:15
CVE-2020-14172 7.5
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected vers
22-07-2020 - 17:15 03-07-2020 - 02:15
CVE-2017-18104 4.3
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should
20-09-2018 - 19:02 24-07-2018 - 13:29
CVE-2016-6285 4.3
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
03-02-2017 - 16:10 31-01-2017 - 22:59
CVE-2018-13401 5.8
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.
03-12-2018 - 20:23 23-10-2018 - 13:29
CVE-2018-13387 4.3
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 al
17-09-2018 - 13:18 16-07-2018 - 13:29
CVE-2020-14174 4.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are bef
13-07-2020 - 21:24 13-07-2020 - 05:15
CVE-2017-18033 4.3
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
05-02-2018 - 14:51 18-01-2018 - 14:29
CVE-2017-18100 4.3
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
14-05-2018 - 15:23 10-04-2018 - 13:29
CVE-2018-13395 4.3
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 a
08-11-2018 - 16:17 28-08-2018 - 12:29
CVE-2018-13402 5.8
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before ve
03-12-2018 - 20:16 23-10-2018 - 13:29
CVE-2017-18097 3.5
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability
09-05-2018 - 18:04 06-04-2018 - 13:29
CVE-2018-13403 3.5
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross s
14-02-2019 - 17:18 13-02-2019 - 18:29
CVE-2017-18101 6.4
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attack
09-10-2019 - 23:25 10-04-2018 - 13:29
CVE-2020-14173 3.5
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from
09-07-2020 - 18:21 03-07-2020 - 02:15
CVE-2019-15013 4.0
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to
19-12-2019 - 17:54 18-12-2019 - 04:15
CVE-2018-13391 5.0
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from ver
08-11-2018 - 16:20 28-08-2018 - 12:29
CVE-2020-14166 3.5
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS)
07-04-2021 - 22:15 01-07-2020 - 02:15
CVE-2017-18098 4.3
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.
09-05-2018 - 18:04 06-04-2018 - 13:29
CVE-2020-14168 4.3
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via ma
09-07-2020 - 16:34 01-07-2020 - 02:15
CVE-2020-4029 4.0
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization
09-07-2020 - 18:30 01-07-2020 - 02:15
CVE-2020-4028 5.0
In versions before 8.9.1, various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page; in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not throu
08-07-2020 - 14:26 23-06-2020 - 13:15
CVE-2020-14169 4.3
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
09-07-2020 - 16:25 01-07-2020 - 02:15
CVE-2020-4021 3.5
Affected versions of Atlassian Jira Server and Data Center (before 8.5.5, and from 8.6.0 before 8.8.1) allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.
13-07-2020 - 21:17 01-06-2020 - 07:15
CVE-2020-14167 5.0
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of S
09-07-2020 - 16:28 01-07-2020 - 02:15
CVE-2018-13400 6.5
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from versio
03-10-2019 - 00:03 23-10-2018 - 13:29
CVE-2018-13404 4.0
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from
22-02-2019 - 20:23 13-02-2019 - 18:29
CVE-2020-4022 4.3
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerabi
09-07-2020 - 18:54 01-07-2020 - 02:15
CVE-2020-4025 3.5
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inje
09-07-2020 - 18:29 01-07-2020 - 02:15
CVE-2020-14178 5.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version
10-09-2020 - 15:21 01-09-2020 - 05:15
CVE-2020-14165 5.0
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
13-07-2020 - 22:20 01-07-2020 - 02:15
CVE-2018-20232 3.5
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved
27-02-2019 - 14:18 13-02-2019 - 18:29
CVE-2020-14164 4.3
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field.
13-07-2020 - 21:18 01-07-2020 - 02:15
CVE-2019-20418 4.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before versio
09-07-2020 - 18:05 03-07-2020 - 01:15
CVE-2018-5231 5.0
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of servic
03-10-2019 - 00:03 16-05-2018 - 13:29
CVE-2019-20411 4.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2
07-07-2020 - 17:09 29-06-2020 - 06:15
CVE-2019-20897 4.0
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and
13-07-2020 - 22:16 13-07-2020 - 01:15
CVE-2019-20416 3.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3
07-07-2020 - 18:25 30-06-2020 - 03:15
CVE-2019-20419 4.4
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
09-07-2020 - 18:15 03-07-2020 - 02:15
CVE-2019-20898 5.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
13-07-2020 - 22:01 13-07-2020 - 01:15
CVE-2019-20901 5.8
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the o
13-07-2020 - 21:25 13-07-2020 - 05:15
CVE-2019-3399 5.0
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.
09-10-2019 - 23:49 30-04-2019 - 16:29
CVE-2019-8443 6.8
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades admin
24-08-2020 - 17:37 22-05-2019 - 18:29
CVE-2019-20106 4.0
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote attackers to make comments on a ticket to which they do not have commenting permissions
13-07-2020 - 21:13 06-02-2020 - 03:15
CVE-2019-8442 5.0
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF direct
24-08-2020 - 17:37 22-05-2019 - 18:29
CVE-2019-20413 5.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9
07-07-2020 - 17:16 29-06-2020 - 06:15
CVE-2019-20402 4.0
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
24-08-2020 - 17:37 06-02-2020 - 03:15
CVE-2019-8449 5.0
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
03-02-2020 - 19:15 11-09-2019 - 14:15
CVE-2018-5232 4.3
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
17-09-2018 - 13:39 18-07-2018 - 14:29
CVE-2019-20417 5.8
NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users should reference CVE-2019-15011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
21-07-2020 - 14:15 02-07-2020 - 01:15
CVE-2020-4024 3.5
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerabi
09-07-2020 - 18:53 01-07-2020 - 02:15
CVE-2019-3400 4.3
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
07-05-2019 - 10:29 03-05-2019 - 20:29
CVE-2018-20826 4.0
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.
09-10-2019 - 23:39 09-08-2019 - 20:15
CVE-2018-20824 4.3
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
06-05-2019 - 00:32 03-05-2019 - 20:29
CVE-2019-3401 5.0
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
09-10-2019 - 23:49 22-05-2019 - 18:29
CVE-2019-20408 5.0
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist
08-07-2020 - 18:31 01-07-2020 - 02:15
CVE-2019-20412 5.0
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of
08-07-2020 - 17:51 29-06-2020 - 06:15
CVE-2019-3403 5.0
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
16-10-2020 - 15:34 22-05-2019 - 18:29
CVE-2018-5230 4.3
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript vi
19-06-2018 - 16:21 14-05-2018 - 13:29
CVE-2019-20410 4.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from vers
08-07-2020 - 16:30 29-06-2020 - 06:15
CVE-2019-3402 4.3
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName
23-05-2019 - 16:16 22-05-2019 - 18:29
CVE-2019-20414 3.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9,
07-07-2020 - 17:17 29-06-2020 - 07:15
CVE-2019-20409 7.5
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
06-07-2020 - 15:00 23-06-2020 - 06:15
CVE-2019-20415 4.3
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0
08-07-2020 - 15:35 30-06-2020 - 03:15
CVE-2019-20899 5.0
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from ver
13-07-2020 - 21:26 13-07-2020 - 01:15
CVE-2020-14184 3.5
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 befo
26-10-2020 - 15:06 12-10-2020 - 04:15
CVE-2020-14185 5.0
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from
26-10-2020 - 17:43 15-10-2020 - 22:15
CVE-2020-14193 5.5
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira sm
04-12-2020 - 19:14 30-11-2020 - 23:15
CVE-2020-36231 4.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.
04-02-2021 - 19:20 02-02-2021 - 00:15
CVE-2020-36235 5.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version
18-02-2021 - 21:55 15-02-2021 - 00:15
CVE-2020-36236 4.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected ver
19-02-2021 - 13:49 15-02-2021 - 00:15