Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of...
Atlassian Jira Server
Atlassian Jira
7 Github repositories
9
CVSSv2
CVE-2021-43947
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/brow...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
9
CVSSv2
CVE-2021-39115
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Templat...
Atlassian Jira Service Desk
Atlassian Jira Service Management
1 Github repository
9
CVSSv2
CVE-2021-26068
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote malicious users to execute arbitrary code via a template injection vulnerability.
Atlassian Jira Server For Slack
9
CVSSv2
CVE-2019-15001
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 prior to 7.6.16, from 7.7.0 prior to 7.13.8, from 8.0.0 prior to 8.1.3, from 8.2.0 prior to 8.2.5, from 8.3.0 prior to 8.3.4 and from 8.4.0 prior to 8.4.1 allows remote attackers with Admin...
Atlassian Jira Server
Atlassian Jira Server 8.4.0
Atlassian Jira Data Center
Atlassian Jira Data Center 8.4.0
9
CVSSv2
CVE-2010-1165
Atlassian JIRA 3.12 up to and including 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Atlassian Jira 3.12
Atlassian Jira 3.13.3
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 4.1
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 4.0.1
Atlassian Jira 4.0.2
Atlassian Jira 3.13.4
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.13.5
Atlassian Jira 4.0
7.5
CVSSv2
CVE-2021-37843
The resolution SAML SSO apps for Atlassian products allow a remote malicious user to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; ...
Atlassian Saml Single Sign On
7.5
CVSSv2
CVE-2020-36239
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 prior to 8.5.16, from 8.6.0 prior to 8.13.8, from 8.14.0 prior to 8.17.0 and Jira Service Management Data Center from version 2.0.2 prior to 4.5.16, from version 4.6.0 prior to 4.13.8, and from ...
Atlassian Jira Data Center
Atlassian Jira Service Desk
Atlassian Jira Service Management
1 Github repository
7.5
CVSSv2
CVE-2020-14188
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote malicious users to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
Atlassian Jira Create
7.5
CVSSv2
CVE-2020-14189
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote malicious users to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
Atlassian Jira Comment
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »