Filtered by vendor Atlassian
Subscriptions
Filtered by product Jira Server
Subscriptions
Total
140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20232 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | ||||
| CVE-2019-20403 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 5.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | ||||
| CVE-2018-5230 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. | ||||
| CVE-2019-20400 | 1 Atlassian | 1 Jira Server | 2024-09-16 | 7.8 High |
| The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability. | ||||
| CVE-2019-20414 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 5.4 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-14998 | 1 Atlassian | 1 Jira Server | 2024-09-16 | 6.5 Medium |
| The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | ||||
| CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | ||||
| CVE-2019-11581 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | ||||
| CVE-2019-8448 | 1 Atlassian | 1 Jira Server | 2024-09-16 | N/A |
| The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | ||||
| CVE-2019-20405 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2020-4025 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 4.8 Medium |
| The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. | ||||
| CVE-2020-14181 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-09-16 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | ||||
| CVE-2020-14173 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 5.4 Medium |
| The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | ||||
| CVE-2019-8447 | 1 Atlassian | 1 Jira Server | 2024-09-16 | N/A |
| The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2019-11585 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | ||||
| CVE-2020-14174 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. | ||||
| CVE-2018-5231 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. | ||||
| CVE-2019-20098 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | ||||
| CVE-2019-20099 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 4.3 Medium |
| The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | ||||
| CVE-2018-20239 | 1 Atlassian | 8 Application Links, Confluence Data Center, Confluence Server and 5 more | 2024-09-16 | 5.4 Medium |
| Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. | ||||