Filtered by vendor Atlassian Subscriptions
Total 436 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-20902 1 Atlassian 1 Crowd 2024-11-21 7.5 High
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
CVE-2019-20901 1 Atlassian 2 Jira, Jira Server 2024-11-21 6.1 Medium
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
CVE-2019-20900 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.
CVE-2019-20899 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 5.3 Medium
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
CVE-2019-20898 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 7.5 High
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
CVE-2019-20897 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 6.5 Medium
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CVE-2019-20419 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 7.8 High
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
CVE-2019-20418 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.
CVE-2019-20416 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.
CVE-2019-20415 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 4.3 Medium
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.
CVE-2019-20414 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 5.4 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20413 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 7.5 High
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20412 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 5.3 Medium
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20411 1 Atlassian 3 Jira, Jira Data Center, Jira Server 2024-11-21 4.3 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20410 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20409 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 9.8 Critical
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
CVE-2019-20408 1 Atlassian 1 Jira 2024-11-21 5.3 Medium
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
CVE-2019-20407 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 4.3 Medium
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.
CVE-2019-20406 2 Atlassian, Microsoft 3 Confluence, Confluence Server, Windows 2024-11-21 7.8 High
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
CVE-2019-20405 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 4.3 Medium
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.