Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
atlassian jira 8.4.0 vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2019-15001
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator...
Atlassian Jira
Atlassian Jira 8.4.0
1 Github repository available
1 Article available
5
CVSSv2
CVE-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability....
Atlassian Jira
11 Github repositories available
3.5
CVSSv2
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the...
Atlassian Jira
4.3
CVSSv2
CVE-2019-14998
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance....
Atlassian Jira
5
CVSSv2
CVE-2019-14995
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check....
Atlassian Jira
6.4
CVSSv2
CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class....
Atlassian Jira
14 Github repositories available
4.3
CVSSv2
CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with...
Atlassian Jira
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-24069
remote code execution
mass assignment
CVE-2021-1782
CVE-2021-23962
CVE-2021-24081
cross-site scripting
CVE-2021-21973
CVE-2021-23972