Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira data center vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-20409
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote malicious users to gain remote code execution if they were able to exploit a server side template injection vulnerability.
Atlassian Jira
Atlassian Jira Software Data Center
7.8
CVSSv3
CVE-2019-20419
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 prior to 8.7.2.
Atlassian Jira Server
Atlassian Jira Data Center
6.1
CVSSv3
CVE-2021-26080
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 prior to 8.16.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
Atlassian Jira Server
Atlassian Jira Data Center
5.3
CVSSv3
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 prior to 8.13.6, and from vers...
Atlassian Jira Data Center
Atlassian Jira Server
1 Github repository
6.5
CVSSv3
CVE-2021-43946
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote malicious users to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before vers...
Atlassian Jira Data Center
Atlassian Jira Server
5.5
CVSSv3
CVE-2021-39116
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version ...
Atlassian Jira Data Center
Atlassian Jira Server
6.5
CVSSv3
CVE-2021-39126
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF ...
Atlassian Jira Data Center
Atlassian Jira Server
7.2
CVSSv3
CVE-2022-36799
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary...
Atlassian Jira Data Center
Atlassian Jira Server
7.2
CVSSv3
CVE-2021-39128
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected v...
Atlassian Jira Server
Atlassian Jira Data Center
4.3
CVSSv3
CVE-2019-20098
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the ...
Atlassian Jira Server
Atlassian Jira Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »