Crowd Data Center and Server
by Atlassian
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4028 | Med | 0.35 | 5.3 | 0.01 | Jun 23, 2020 | Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure… | ||
| CVE-2020-4021 | Med | 0.35 | 5.4 | 0.01 | Jun 1, 2020 | Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | ||
| CVE-2019-20403 | Med | 0.35 | 5.3 | 0.01 | Feb 6, 2020 | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | ||
| CVE-2019-20105 | Med | 0.32 | 4.9 | 0.01 | Mar 17, 2020 | The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote… | ||
| CVE-2019-20402 | Med | 0.32 | 4.9 | 0.01 | Feb 6, 2020 | Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | ||
| CVE-2021-39117 | Med | 0.31 | 4.8 | 0.01 | Aug 30, 2021 | The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field. | ||
| CVE-2021-39112 | Med | 0.31 | 4.8 | 0.01 | Aug 25, 2021 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from… | ||
| CVE-2020-36234 | Med | 0.31 | 4.8 | 0.01 | Feb 15, 2021 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3,… | ||
| CVE-2020-4025 | Med | 0.31 | 4.8 | 0.01 | Jul 1, 2020 | The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or… | ||
| CVE-2021-43953 | Med | 0.28 | 4.3 | 0.00 | Feb 15, 2022 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The… | ||
| CVE-2021-43952 | Med | 0.28 | 4.3 | 0.00 | Feb 15, 2022 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are… | ||
| CVE-2021-41313 | Med | 0.28 | 4.3 | 0.01 | Nov 1, 2021 | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are… | ||
| CVE-2021-39124 | Med | 0.28 | 4.3 | 0.01 | Sep 14, 2021 | The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. | ||
| CVE-2020-14174 | Med | 0.28 | 4.3 | 0.01 | Jul 13, 2020 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from… | ||
| CVE-2020-4029 | Med | 0.28 | 4.3 | 0.01 | Jul 1, 2020 | The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | ||
| CVE-2019-20415 | Med | 0.28 | 4.3 | 0.01 | Jun 30, 2020 | Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | ||
| CVE-2019-20411 | Med | 0.28 | 4.3 | 0.01 | Jun 29, 2020 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||
| CVE-2019-20099 | Med | 0.28 | 4.3 | 0.01 | Feb 12, 2020 | The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the… | ||
| CVE-2019-20098 | Med | 0.28 | 4.3 | 0.01 | Feb 12, 2020 | The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the… | ||
| CVE-2019-20405 | Med | 0.28 | 4.3 | 0.01 | Feb 6, 2020 | The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. |
- risk 0.35cvss 5.3epss 0.01
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure…
- risk 0.35cvss 5.4epss 0.01
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.
- risk 0.35cvss 5.3epss 0.01
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.
- risk 0.32cvss 4.9epss 0.01
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote…
- risk 0.32cvss 4.9epss 0.01
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
- risk 0.31cvss 4.8epss 0.01
The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.
- risk 0.31cvss 4.8epss 0.01
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from…
- risk 0.31cvss 4.8epss 0.01
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3,…
- risk 0.31cvss 4.8epss 0.01
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or…
- risk 0.28cvss 4.3epss 0.00
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The…
- risk 0.28cvss 4.3epss 0.00
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are…
- risk 0.28cvss 4.3epss 0.01
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are…
- risk 0.28cvss 4.3epss 0.01
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.
- risk 0.28cvss 4.3epss 0.01
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from…
- risk 0.28cvss 4.3epss 0.01
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.
- risk 0.28cvss 4.3epss 0.01
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.
- risk 0.28cvss 4.3epss 0.01
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
- risk 0.28cvss 4.3epss 0.01
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…
- risk 0.28cvss 4.3epss 0.01
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…
- risk 0.28cvss 4.3epss 0.01
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.
Page 3 of 4