VYPR

Jira Server

by Atlassian

CVEs (117)

  • CVE-2020-36235Feb 14, 2021
    risk 0.00cvss epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version…

  • CVE-2020-36231Feb 1, 2021
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0…

  • CVE-2020-14185Oct 15, 2020
    risk 0.00cvss epss 0.02

    Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version…

  • CVE-2020-14184Oct 12, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version…

  • CVE-2020-14183Oct 6, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before…

  • CVE-2020-14177Sep 21, 2020
    risk 0.00cvss epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0…

  • CVE-2020-14178Sep 1, 2020
    risk 0.00cvss epss 0.03

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from…

  • CVE-2019-20901Jul 13, 2020
    risk 0.00cvss epss 0.01

    The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

  • CVE-2020-14174Jul 13, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from…

  • CVE-2019-20900Jul 13, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.

  • CVE-2019-20899Jul 13, 2020
    risk 0.00cvss epss 0.02

    The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

  • CVE-2019-20898Jul 13, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.

  • CVE-2019-20897Jul 13, 2020
    risk 0.00cvss epss 0.02

    The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before…

  • CVE-2020-14173Jul 3, 2020
    risk 0.00cvss epss 0.01

    The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2,…

  • CVE-2020-14172Jul 3, 2020
    risk 0.00cvss epss 0.03

    This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers…

  • CVE-2019-20419Jul 3, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.

  • CVE-2019-20418Jul 3, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.

  • CVE-2020-14164Jul 1, 2020
    risk 0.00cvss epss 0.01

    The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.

  • CVE-2019-20408Jul 1, 2020
    risk 0.00cvss epss 0.01

    The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

  • CVE-2019-20416Jun 30, 2020
    risk 0.00cvss epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

Page 5 of 6