VYPR

Crowd Data Center and Server

by Atlassian

CVEs (65)

  • CVE-2020-4028MedJun 23, 2020
    risk 0.35cvss 5.3epss 0.01

    Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure…

  • CVE-2020-4021MedJun 1, 2020
    risk 0.35cvss 5.4epss 0.01

    Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

  • CVE-2019-20403MedFeb 6, 2020
    risk 0.35cvss 5.3epss 0.01

    The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

  • CVE-2019-20105MedMar 17, 2020
    risk 0.32cvss 4.9epss 0.01

    The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote…

  • CVE-2019-20402MedFeb 6, 2020
    risk 0.32cvss 4.9epss 0.01

    Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

  • CVE-2021-39117MedAug 30, 2021
    risk 0.31cvss 4.8epss 0.01

    The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.

  • CVE-2021-39112MedAug 25, 2021
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from…

  • CVE-2020-36234MedFeb 15, 2021
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3,…

  • CVE-2020-4025MedJul 1, 2020
    risk 0.31cvss 4.8epss 0.01

    The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or…

  • CVE-2021-43953MedFeb 15, 2022
    risk 0.28cvss 4.3epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The…

  • CVE-2021-43952MedFeb 15, 2022
    risk 0.28cvss 4.3epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are…

  • CVE-2021-41313MedNov 1, 2021
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are…

  • CVE-2021-39124MedSep 14, 2021
    risk 0.28cvss 4.3epss 0.01

    The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

  • CVE-2020-14174MedJul 13, 2020
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from…

  • CVE-2020-4029MedJul 1, 2020
    risk 0.28cvss 4.3epss 0.01

    The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.

  • CVE-2019-20415MedJun 30, 2020
    risk 0.28cvss 4.3epss 0.01

    Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

  • CVE-2019-20411MedJun 29, 2020
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

  • CVE-2019-20099MedFeb 12, 2020
    risk 0.28cvss 4.3epss 0.01

    The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…

  • CVE-2019-20098MedFeb 12, 2020
    risk 0.28cvss 4.3epss 0.01

    The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…

  • CVE-2019-20405MedFeb 6, 2020
    risk 0.28cvss 4.3epss 0.01

    The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.