Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-11585
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an op...
Atlassian Jira
Atlassian Jira Server
4.3
CVSSv3
CVE-2019-11586
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Jira
Atlassian Jira Server
9.8
CVSSv3
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of...
Atlassian Jira Server
Atlassian Jira
7 Github repositories
4.3
CVSSv3
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerabilit...
Atlassian Jira Server
Atlassian Jira
5.9
CVSSv3
CVE-2017-18104
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are n...
Atlassian Jira Server
Atlassian Jira
6.5
CVSSv3
CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote malicious users to run import operat...
Atlassian Jira Server
Atlassian Jira
4.3
CVSSv3
CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue sta...
Atlassian Jira
Atlassian Jira Server
6.5
CVSSv3
CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote malicious users to modify various settings via Cross-site request forgery (CSRF).
Atlassian Jira Server
Atlassian Jira
5.3
CVSSv3
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated malicious users to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are prior to 7.13.18, from version 8.0.0 prior to 8.5.9, and from version 8.6.0 before...
Atlassian Jira
Atlassian Jira Server
7.5
CVSSv3
CVE-2018-5231
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote malicious users to perform a denial of service attack via sending req...
Atlassian Jira Server
Atlassian Jira
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »