VYPR

Crowd Data Center and Server

by Atlassian

CVEs (65)

  • CVE-2019-20404MedFeb 6, 2020
    risk 0.28cvss 4.3epss 0.01

    The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

  • CVE-2019-20106MedFeb 6, 2020
    risk 0.28cvss 4.3epss 0.01

    Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control…

  • CVE-2019-15005MedNov 8, 2019
    risk 0.28cvss 4.3epss 0.01

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…

  • CVE-2026-21569Jan 28, 2026
    risk 0.00cvss epss 0.00

    This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote…

  • CVE-2025-22167Oct 22, 2025
    risk 0.00cvss epss 0.00

    This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to…

Page 4 of 4