Jira Core Data Center

CVEs (71)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2021-26086	Atlassian Jira Server	0.23	—	0.94	KEV	Aug 16, 2021	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2022-26135	Atlassian Jira Server	0.07	—	0.84		Jun 30, 2022	A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center…
CVE-2022-0540	Atlassian Jira Server	0.07	—	0.93		Apr 20, 2022	A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0…
CVE-2020-36289	Atlassian Jira Server	0.07	—	0.92		May 12, 2021	Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0…
CVE-2020-29453	Atlassian Jira Server	0.07	—	0.87		Feb 18, 2021	The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an…
CVE-2020-36287	Atlassian Jira Server	0.05	—	0.63		Apr 9, 2021	The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions…
CVE-2021-26078	Atlassian Jira Server	0.03	—	0.01		Jun 7, 2021	The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…
CVE-2020-36239	Atlassian Jira Service Management Data Center and Server	0.01	—	0.16		Jul 29, 2021	Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version…
CVE-2019-15001	Atlassian Jira Server	0.01	—	0.12		Sep 19, 2019	The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator…
CVE-2025-22167	Atlassian Jira Server	0.00	—	0.00		Oct 22, 2025	This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to…
CVE-2025-22157	Atlassian Jira Server	0.00	—	0.00		May 20, 2025	This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege…
CVE-2019-15002	Atlassian Jira	0.00	—	0.00		Feb 11, 2025	An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
CVE-2024-21685	Atlassian Jira Core Data Center	0.00	—	0.01		Jun 18, 2024	This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via…
CVE-2022-36801	Atlassian Jira Server	0.00	—	0.00		Aug 10, 2022	Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.
CVE-2022-36799	Atlassian Jira Server	0.00	—	0.04		Aug 1, 2022	This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…
CVE-2022-26137	Atlassian Fisheye	0.00	—	0.00		Jul 20, 2022	A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…
CVE-2022-26136	Atlassian Fisheye	0.00	—	0.00		Jul 20, 2022	A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in…
CVE-2021-43944	Atlassian Jira Server	0.00	—	0.02		Mar 8, 2022	This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…
CVE-2021-43945	Atlassian Jira Server	0.00	—	0.00		Feb 28, 2022	Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The…
CVE-2021-43941	Atlassian Jira Server	0.00	—	0.00		Feb 15, 2022	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected…

CVE-2021-26086KEVAug 16, 2021
Atlassian
Jira Server
risk 0.23cvss —epss 0.94
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2022-26135Jun 30, 2022
Atlassian
Jira Server
risk 0.07cvss —epss 0.84
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center…
CVE-2022-0540Apr 20, 2022
Atlassian
Jira Server
risk 0.07cvss —epss 0.93
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0…
CVE-2020-36289May 12, 2021
Atlassian
Jira Server
risk 0.07cvss —epss 0.92
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0…
CVE-2020-29453Feb 18, 2021
Atlassian
Jira Server
risk 0.07cvss —epss 0.87
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an…
CVE-2020-36287Apr 9, 2021
Atlassian
Jira Server
risk 0.05cvss —epss 0.63
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions…
CVE-2021-26078Jun 7, 2021
Atlassian
Jira Server
risk 0.03cvss —epss 0.01
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…
CVE-2020-36239Jul 29, 2021
Atlassian
Jira Service Management Data Center and Server
risk 0.01cvss —epss 0.16
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version…
CVE-2019-15001Sep 19, 2019
Atlassian
Jira Server
risk 0.01cvss —epss 0.12
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator…
CVE-2025-22167Oct 22, 2025
Atlassian
Jira Server
risk 0.00cvss —epss 0.00
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to…
CVE-2025-22157May 20, 2025
Atlassian
Jira Server
risk 0.00cvss —epss 0.00
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege…
CVE-2019-15002Feb 11, 2025
Atlassian
Jira
risk 0.00cvss —epss 0.00
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
CVE-2024-21685Jun 18, 2024
Atlassian
Jira Core Data Center
risk 0.00cvss —epss 0.01
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via…
CVE-2022-36801Aug 10, 2022
Atlassian
Jira Server
risk 0.00cvss —epss 0.00
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.
CVE-2022-36799Aug 1, 2022
Atlassian
Jira Server
risk 0.00cvss —epss 0.04
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…
CVE-2022-26137Jul 20, 2022
Atlassian
Fisheye
risk 0.00cvss —epss 0.00
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…
CVE-2022-26136Jul 20, 2022
Atlassian
Fisheye
risk 0.00cvss —epss 0.00
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in…
CVE-2021-43944Mar 8, 2022
Atlassian
Jira Server
risk 0.00cvss —epss 0.02
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…
CVE-2021-43945Feb 28, 2022
Atlassian
Jira Server
risk 0.00cvss —epss 0.00
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The…
CVE-2021-43941Feb 15, 2022
Atlassian
Jira Server
risk 0.00cvss —epss 0.00
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected…

Page 1 of 4