VYPR

Jira Core Data Center

by Atlassian

CVEs (90)

  • CVE-2020-36287MedApr 9, 2021
    risk 0.35cvss 5.3epss 0.09

    The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions…

  • CVE-2020-36286MedApr 1, 2021
    risk 0.35cvss 5.3epss 0.01

    The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are…

  • CVE-2020-36238MedApr 1, 2021
    risk 0.35cvss 5.3epss 0.02

    The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions…

  • CVE-2021-26069MedMar 22, 2021
    risk 0.35cvss 5.3epss 0.03

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected…

  • CVE-2020-36237MedFeb 15, 2021
    risk 0.35cvss 5.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.

  • CVE-2020-36235MedFeb 15, 2021
    risk 0.35cvss 5.3epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version…

  • CVE-2019-20899MedJul 13, 2020
    risk 0.35cvss 5.3epss 0.02

    The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

  • CVE-2020-14173MedJul 3, 2020
    risk 0.35cvss 5.4epss 0.01

    The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2,…

  • CVE-2020-14165MedJul 1, 2020
    risk 0.35cvss 5.3epss 0.01

    The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

  • CVE-2019-20412MedJun 29, 2020
    risk 0.35cvss 5.3epss 0.02

    The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue…

  • CVE-2021-43945MedFeb 28, 2022
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The…

  • CVE-2021-39117MedAug 30, 2021
    risk 0.31cvss 4.8epss 0.01

    The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.

  • CVE-2021-39112MedAug 25, 2021
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from…

  • CVE-2020-36234MedFeb 15, 2021
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3,…

  • CVE-2019-20416MedJun 30, 2020
    risk 0.31cvss 4.8epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

  • CVE-2019-15002MedFeb 11, 2025
    risk 0.28cvss 4.3epss 0.00

    An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

  • CVE-2021-43953MedFeb 15, 2022
    risk 0.28cvss 4.3epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The…

  • CVE-2021-43952MedFeb 15, 2022
    risk 0.28cvss 4.3epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are…

  • CVE-2021-41313MedNov 1, 2021
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are…

  • CVE-2021-39124MedSep 14, 2021
    risk 0.28cvss 4.3epss 0.01

    The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

Page 4 of 5