Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira data center vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-36286
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous malicious users to determine if a group exists & members of groups if they a...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
5
CVSSv2
CVE-2020-36238
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous malicious users to determine if a username is valid or not via a missing permiss...
Atlassian Data Center
Atlassian Jira
Atlassian Jira Server
Atlassian Jira Data Center
5
CVSSv2
CVE-2021-26069
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote malicious users to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affec...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
5
CVSSv2
CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 prior to 8.13.3, and from 8.14.0 prior to 8.15.0 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF directories via a...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira Server
5
CVSSv2
CVE-2020-36235
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote malicious users to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version...
Atlassian Jira
Atlassian Jira Server
Atlassian Jira Software Data Center
5
CVSSv2
CVE-2020-36237
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote malicious users to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.
Atlassian Data Center
Atlassian Jira
5
CVSSv2
CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated malicious users to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are befo...
Atlassian Jira Server
Atlassian Jira Data Center
5 Github repositories
5
CVSSv2
CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 prior to 8.5.7, and fro...
Atlassian Data Center
Atlassian Jira
Atlassian Jira Server
3 Github repositories
1 Article
5
CVSSv2
CVE-2020-14178
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 prior to 8.5.8, an...
Atlassian Jira
Atlassian Jira Server
Atlassian Jira Software Data Center
Atlassian Jira Data Center
5
CVSSv2
CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
Atlassian Jira
Atlassian Jira Software Data Center
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »