VYPR

Jira Core Data Center

by Atlassian

CVEs (90)

  • CVE-2021-39121MedSep 8, 2021
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before…

  • CVE-2021-26075MedApr 15, 2021
    risk 0.28cvss 4.3epss 0.02

    The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data…

  • CVE-2020-29451MedFeb 15, 2021
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3,…

  • CVE-2020-36231MedFeb 2, 2021
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0…

  • CVE-2020-14183MedOct 6, 2020
    risk 0.28cvss 4.3epss 0.01

    Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before…

  • CVE-2019-20407MedMar 17, 2020
    risk 0.28cvss 4.3epss 0.01

    The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

  • CVE-2019-20106MedFeb 6, 2020
    risk 0.28cvss 4.3epss 0.01

    Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control…

  • CVE-2019-15005MedNov 8, 2019
    risk 0.28cvss 4.3epss 0.01

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…

  • CVE-2021-26076LowApr 15, 2021
    risk 0.24cvss 3.7epss 0.01

    The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the…

  • CVE-2021-26071LowApr 1, 2021
    risk 0.23cvss 3.5epss 0.00

    The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site…

Page 5 of 5