Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-29451
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 prior to 8.1...
Atlassian Data Center
Atlassian Jira
Atlassian Jira Server
5
CVSSv2
CVE-2021-39125
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote malicious users to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 prior to 8.13....
Atlassian Jira
Atlassian Data Center
Atlassian Jira Server
3.5
CVSSv2
CVE-2015-8481
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote malicious users to obtai...
Atlassian Jira Core 7.0.3
Atlassian Jira Server 7.0.3
Atlassian Jira Service Desk 3.0.3
5.8
CVSSv2
CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
Atlassian Jira
Atlassian Jira Server 8.6.0
5
CVSSv2
CVE-2019-20101
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote malicious users to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from ver...
Atlassian Data Center 8
Atlassian Data Center
Atlassian Jira 8
Atlassian Jira
5
CVSSv2
CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 prior to 8.13.3, and from 8.14.0 prior to 8.15.0 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF directories via a...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira Server
7.5
CVSSv2
CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote malicious ...
Atlassian Jira
Atlassian Jira Software Data Center
5
CVSSv2
CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated malicious users to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are befo...
Atlassian Jira Server
Atlassian Jira Data Center
5 Github repositories
4.3
CVSSv2
CVE-2020-14164
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote malicious users to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
Atlassian Jira
Atlassian Jira Software Data Center
5
CVSSv2
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote malicious users to obtain information about custom project avatars names via an Improper authorization vulnerability.
Atlassian Jira
Atlassian Jira Software Data Center
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »