Filtered by vendor Atlassian
Subscriptions
Filtered by product Jira Data Center
Subscriptions
Total
75 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26081 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 5.3 Medium |
| REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. | ||||
| CVE-2020-14174 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. | ||||
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | ||||
| CVE-2019-20098 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | ||||
| CVE-2021-39116 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 5.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | ||||
| CVE-2019-20099 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | ||||
| CVE-2018-20239 | 1 Atlassian | 8 Application Links, Confluence Data Center, Confluence Server and 5 more | 2024-09-16 | 5.4 Medium |
| Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. | ||||
| CVE-2019-20413 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 5.3 Medium |
| The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | ||||
| CVE-2021-39127 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | ||||
| CVE-2021-43941 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | ||||
| CVE-2020-36288 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 6.1 Medium |
| The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | ||||
| CVE-2021-43944 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 7.2 High |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | ||||
| CVE-2021-26082 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 5.4 Medium |
| The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | ||||
| CVE-2020-14168 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 5.9 Medium |
| The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. | ||||
| CVE-2021-39113 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. | ||||
| CVE-2020-4029 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 4.3 Medium |
| The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | ||||
| CVE-2019-20411 | 1 Atlassian | 3 Jira, Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20404 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | ||||
| CVE-2019-20897 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 6.5 Medium |
| The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | ||||