VYPR

Jira

by Atlassian

CVEs (94)

  • CVE-2016-10716 | Med | Mar 16, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calendar action, related to a MailRuCalendar.jspa#period/month URI.

  • CVE-2016-10715 | Med | Mar 16, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.

  • CVE-2017-16865 | Med | Jan 17, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource…

  • CVE-2016-4318 | Med | Apr 10, 2017
    risk 0.31 | cvss 4.8 | epss 0.01

    Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.

  • CVE-2017-16862 | Med | Jan 12, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

  • CVE-2019-8449 | Sep 11, 2019
    risk 0.09 | cvss | epss 0.85

    The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

  • CVE-2019-8451 | Sep 11, 2019
    risk 0.08 | cvss | epss 0.94

    The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

  • CVE-2015-5603 | Sep 21, 2015
    risk 0.08 | cvss | epss 0.59

    The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

  • CVE-2020-14179 | Sep 21, 2020
    risk 0.07 | cvss | epss 0.76

    Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before…

  • CVE-2019-8442 | May 22, 2019
    risk 0.07 | cvss | epss 0.60

    The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access…

  • CVE-2019-3403 | May 22, 2019
    risk 0.07 | cvss | epss 0.53

    The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

  • CVE-2019-8446 | Aug 23, 2019
    risk 0.06 | cvss | epss 0.18

    The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

  • CVE-2019-3401 | May 22, 2019
    risk 0.05 | cvss | epss 0.13

    The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

  • CVE-2014-2314 | Mar 9, 2014
    risk 0.05 | cvss | epss 0.26

    Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

  • CVE-2022-39960 | Sep 17, 2022
    risk 0.03 | cvss | epss 0.26

    The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/…

  • CVE-2012-1500 | Feb 13, 2020
    risk 0.03 | cvss | epss 0.01

    Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.

  • CVE-2019-3402 | May 22, 2019
    risk 0.01 | cvss | epss 0.09

    The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

  • CVE-2018-20824 | May 3, 2019
    risk 0.01 | cvss | epss 0.38

    The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

  • CVE-2019-15002 | Feb 11, 2025
    risk 0.00 | cvss | epss 0.00

    An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

  • CVE-2022-26137 | Jul 20, 2022
    risk 0.00 | cvss | epss 0.02

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…

Page 2 of 5