VYPR

Jira

by Atlassian

CVEs (94)

  • CVE-2019-11589 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via…

  • CVE-2019-11588 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

  • CVE-2019-11587 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

  • CVE-2019-11586 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

  • CVE-2019-11585 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open…

  • CVE-2019-11584 (Aug 23, 2019)
    risk 0.00 | cvss | epss 0.01

    The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

  • CVE-2019-8448 (Aug 13, 2019)
    risk 0.00 | cvss | epss 0.02

    The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

  • CVE-2018-20826 (Aug 9, 2019)
    risk 0.00 | cvss | epss 0.01

    The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

  • CVE-2018-20827 (Aug 9, 2019)
    risk 0.00 | cvss | epss 0.01

    The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

  • CVE-2019-11583 (Jun 26, 2019)
    risk 0.00 | cvss | epss 0.01

    The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

  • CVE-2019-8443 (May 22, 2019)
    risk 0.00 | cvss | epss 0.03

    The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without…

  • CVE-2019-3400 (May 3, 2019)
    risk 0.00 | cvss | epss 0.01

    The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.

  • CVE-2019-3399 (Apr 30, 2019)
    risk 0.00 | cvss | epss 0.02

    The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

  • CVE-2018-20239 (Apr 30, 2019)
    risk 0.00 | cvss | epss 0.03

    Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…

  • CVE-2018-13403 (Feb 13, 2019)
    risk 0.00 | cvss | epss 0.01

    The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…

  • CVE-2018-13404 (Feb 13, 2019)
    risk 0.00 | cvss | epss 0.01

    The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before…

  • CVE-2018-20232 (Feb 13, 2019)
    risk 0.00 | cvss | epss 0.01

    The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location…

  • CVE-2018-13400 (Oct 23, 2018)
    risk 0.00 | cvss | epss 0.01

    Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version…

  • CVE-2018-13402 (Oct 23, 2018)
    risk 0.00 | cvss | epss 0.01

    Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version…

  • CVE-2018-13401 (Oct 23, 2018)
    risk 0.00 | cvss | epss 0.01

    The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3,…
