VYPR

Crowd Data Center and Server

by Atlassian

CVEs (65)

  • CVE-2021-43944 · High · Mar 8, 2022
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…

  • CVE-2021-43942 · Medium · Jan 4, 2022
    risk 0.44 · CVSS 6.1 · EPSS 0.55

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick…

  • CVE-2021-43946 · Medium · Jan 5, 2022
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version…

  • CVE-2021-41308 · Medium · Oct 26, 2021
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are…

  • CVE-2021-39126 · Medium · Oct 21, 2021
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The…

  • CVE-2020-36289 · Medium · May 12, 2021
    risk 0.42 · CVSS 5.3 · EPSS 0.99

    Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0…

  • CVE-2021-41304 · Medium · Oct 26, 2021
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before…

  • CVE-2021-39111 · Medium · Aug 30, 2021
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of…

  • CVE-2020-36236 · Medium · Feb 15, 2021
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version…

  • CVE-2020-4022 · Medium · Jul 1, 2020
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a…

  • CVE-2020-14169 · Medium · Jul 1, 2020
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.

  • CVE-2020-14164 · Medium · Jul 1, 2020
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field.

  • CVE-2020-14168 · Medium · Jul 1, 2020
    risk 0.38 · CVSS 5.9 · EPSS 0.02

    The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM)…

  • CVE-2021-39125 · Medium · Sep 14, 2021
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

  • CVE-2021-39118 · Medium · Sep 14, 2021
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0.

  • CVE-2020-36286 · Medium · Apr 1, 2021
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are…

  • CVE-2020-36238 · Medium · Apr 1, 2021
    risk 0.35 · CVSS 5.3 · EPSS 0.02

    The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions…

  • CVE-2020-4024 · Medium · Jul 1, 2020
    risk 0.35 · CVSS 5.4 · EPSS 0.01

    The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a…

  • CVE-2020-14165 · Medium · Jul 1, 2020
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatar names via an improper authorization vulnerability.

  • CVE-2019-20414 · Medium · Jun 29, 2020
    risk 0.35 · CVSS 5.4 · EPSS 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before…
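Several of the summaries above state their affected ranges in the same phrasing ("before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2"). The script below is an added example, not code from VYPR or from Atlassian: it parses that phrasing and checks an installed version against it. The strings in ADVISORY_RANGES are copied from the entries for CVE-2021-39111, CVE-2020-14168, CVE-2020-36286 and CVE-2021-39118 above; the versions fed to it in the usage are made-up inputs.

```python
"""Affected-version check for the range phrasing used in the advisories above.
Added example: parser and sample inputs are the editor's, not VYPR's or Atlassian's."""
import re

_VER = r"(\d+(?:\.\d+)*)"
# "from 8.6.0 before 8.13.10" / "from version 8.14.0 before version 8.18.2"
_FROM_BEFORE = re.compile(
    r"\bfrom\s+(?:version\s+)?" + _VER + r"\s+before\s+(?:version\s+)?" + _VER
)
# "before version 8.5.18" / "before 8.5.5": open lower bound, every earlier release
_BEFORE = re.compile(r"\bbefore\s+(?:version\s+)?" + _VER)

# Range text copied from the CVE summaries on this page.
ADVISORY_RANGES = {
    "CVE-2021-39111": "before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2",
    "CVE-2020-14168": "before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1",
    "CVE-2020-36286": "before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1",
    "CVE-2021-39118": "before version 8.19.0",
}


def parse_version(s):
    """'8.13.4' -> (8, 13, 4); a trailing qualifier such as '-SNAPSHOT' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", s.strip())
    if not m:
        raise ValueError(f"not a dotted version: {s!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def parse_ranges(text):
    """Return [(low, high), ...]; low is None for an open-ended 'before X' clause.
    Bounds follow the advisory wording: low inclusive, high exclusive."""
    ranges, spans = [], []
    for m in _FROM_BEFORE.finditer(text):
        ranges.append((parse_version(m.group(1)), parse_version(m.group(2))))
        spans.append(m.span())
    for m in _BEFORE.finditer(text):
        # a 'before' inside a 'from ... before ...' clause was already consumed above
        if any(lo <= m.start() < hi for lo, hi in spans):
            continue
        ranges.append((None, parse_version(m.group(1))))
    return ranges


def is_affected(version, text):
    """True if `version` falls inside any range quoted in `text`."""
    v = parse_version(version)
    return any((low is None or v >= low) and v < high for low, high in parse_ranges(text))


def affected_cves(version, advisories=ADVISORY_RANGES):
    """Sorted CVE ids whose quoted ranges contain `version`."""
    return sorted(cve for cve, text in advisories.items() if is_affected(version, text))


if __name__ == "__main__":
    for v in ("7.13.15", "8.7.0", "8.13.4", "8.19.0"):  # made-up installed versions
        print(v, "->", affected_cves(v) or "none of the listed ranges")
```

A version that falls in none of the quoted ranges is reported as not affected, which is exactly what the advisory text says and no more: for CVE-2020-14168, 8.7.0 comes back clean because the advisory lists no 8.6.x or 8.7.x range, not because those releases were tested. Treat a gap like that as "check the vendor's fix versions", not as a clean bill of health.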
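Many of the entries name the endpoint involved (/rest/api/1.0/render, QueryComponentRendererValue!Default.jspa, ReplicationSettings!default.jspa, /secure/EditSubscription.jspa, and so on). The script below is an added example, not part of the VYPR page or of Atlassian's tooling: it runs a combined-format access log against those endpoint names and reports hits, keeping anonymous requests apart from authenticated ones because several of these advisories concern anonymous or non-administrator access. The lines in SAMPLE_LOG are constructed for the example with RFC 5737 documentation addresses, and the /secure/ prefix on QueryComponentRendererValue!Default.jspa in them is assumed (the advisory quotes only the action name). A hit is a lead for triage, not evidence of exploitation: every one of these endpoints also serves legitimate traffic.

```python
"""Access-log triage against the endpoints named in the advisories on this page.
Added example; the endpoint list comes from the CVE summaries above, the log lines
are constructed."""
import re
from collections import defaultdict

# Endpoint fragment (as quoted in the advisory) -> CVE that cites it. A fragment is
# matched as a case-insensitive substring of the request path; the query string is
# stripped first so parameters cannot hide or fake a match.
ENDPOINT_CVES = {
    "/rest/collectors/1.0/template/custom": "CVE-2021-43942",
    "/secure/EditSubscription.jspa": "CVE-2021-43946",
    "ReplicationSettings!default.jspa": "CVE-2021-41308",
    "QueryComponentRendererValue!Default.jspa": "CVE-2020-36289",
    "/secure/admin/ImporterFinishedPage.jspa": "CVE-2021-41304",
    "/rest/api/1.0/render": "CVE-2021-39118",  # CVE-2020-36238 cites the same resource
}

# Combined log format: client ident authuser [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["user"] = None if rec["user"] == "-" else rec["user"]  # "-" means anonymous
    rec["path"] = rec.pop("target").split("?", 1)[0]
    rec["status"] = int(rec["status"])
    return rec


def match_cve(path):
    """First advisory endpoint contained in the path, or None."""
    lowered = path.lower()
    for fragment, cve in ENDPOINT_CVES.items():
        if fragment.lower() in lowered:
            return cve
    return None


def triage(lines):
    """Parsed records for lines that touch an advisory endpoint, tagged with the CVE."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        cve = match_cve(rec["path"])
        if cve is not None:
            hits.append({**rec, "cve": cve, "anonymous": rec["user"] is None})
    return hits


def summarize(hits):
    """Per-CVE counts: total hits, anonymous hits, and the set of source clients."""
    summary = defaultdict(lambda: {"total": 0, "anonymous": 0, "clients": set()})
    for h in hits:
        s = summary[h["cve"]]
        s["total"] += 1
        s["anonymous"] += h["anonymous"]
        s["clients"].add(h["client"])
    return dict(summary)


# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2021:10:00:01 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa HTTP/1.1" 200 1422',
    '203.0.113.7 - - [12/May/2021:10:00:02 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa HTTP/1.1" 200 1420',
    '198.51.100.2 - alice [12/May/2021:10:01:00 +0000] "GET /rest/api/1.0/render?foo=bar HTTP/1.1" 200 330',
    '198.51.100.9 - - [12/May/2021:10:02:15 +0000] "POST /rest/api/1.0/render HTTP/1.1" 200 330',
    '198.51.100.3 - bob [12/May/2021:10:03:00 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 9001',
    '198.51.100.4 - - [12/May/2021:10:04:00 +0000] "GET /secure/admin/ImporterFinishedPage.jspa HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for cve, s in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{cve}: {s['total']} hit(s), {s['anonymous']} anonymous, from {sorted(s['clients'])}")
```

Repeated anonymous hits from one client against an enumeration endpoint (the two QueryComponentRendererValue!Default.jspa lines from 203.0.113.7 in the sample) are the pattern worth pulling the full request lines for; a single authenticated call to /rest/api/1.0/render is ordinary application traffic. Jira's own HTTP access log carries a request id and user field in a different layout, so adjust LOG_RE to the format actually in use before running this against real data.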