VYPR

Jira Server

by Atlassian

CVEs (117)

  • CVE-2017-5983 | Critical | Apr 10, 2017
    risk 0.65 | cvss 9.8 | epss 0.16

    The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

  • CVE-2016-4319 | High | Apr 10, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

  • CVE-2017-18101 | Medium | Apr 10, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations…

  • CVE-2018-13387 | Medium | Jul 16, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to…

  • CVE-2017-18039 | Medium | Feb 2, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

  • CVE-2018-13391 | Medium | Aug 28, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version…

  • CVE-2016-4318 | Medium | Apr 10, 2017
    risk 0.31 | cvss 4.8 | epss 0.01

    Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.

  • CVE-2021-26086 | KEV | Aug 16, 2021
    risk 0.23 | cvss | epss 1.00

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…

  • CVE-2019-11581 | KEV | Aug 9, 2019
    risk 0.20 | cvss | epss 0.85

    There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions…

  • CVE-2015-8481 | Low | Jan 8, 2016
    risk 0.20 | cvss 3.1 | epss 0.01

    Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain…

  • CVE-2020-14181 | Sep 17, 2020
    risk 0.10 | cvss | epss 1.00

    Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from…

  • CVE-2022-26135 | Jun 30, 2022
    risk 0.07 | cvss | epss 0.71

    A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center…

  • CVE-2022-0540 | Apr 20, 2022
    risk 0.07 | cvss | epss 0.88

    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0…

  • CVE-2020-36289 | May 12, 2021
    risk 0.07 | cvss | epss 0.99

    Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0…

  • CVE-2020-29453 | Feb 18, 2021
    risk 0.07 | cvss | epss 0.23

    The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an…

  • CVE-2020-14179 | Sep 21, 2020
    risk 0.07 | cvss | epss 0.76

    Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before…

  • CVE-2020-36287 | Apr 9, 2021
    risk 0.05 | cvss | epss 0.09

    The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions…

  • CVE-2021-26078 | Jun 7, 2021
    risk 0.03 | cvss | epss 0.04

    The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…

  • CVE-2019-15001 | Sep 19, 2019
    risk 0.01 | cvss | epss 0.11

    The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator…

  • CVE-2025-22167 | Oct 22, 2025
    risk 0.00 | cvss | epss 0.00

    This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions 9.12.0 and 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to…

Page 1 of 6