Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira server vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote malicious users to modify various settings via Cross-site request forgery (CSRF).
Atlassian Jira Server
Atlassian Jira
383
VMScore
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerabilit...
Atlassian Jira Server
Atlassian Jira
386
VMScore
CVE-2019-3402
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Atlassian Jira Server
Atlassian Jira
446
VMScore
CVE-2019-3403
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote malicious users to enumerate usernames via an incorrect authorisation check.
Atlassian Jira
Atlassian Jira Server
2 Github repositories
830
VMScore
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of...
Atlassian Jira Server
Atlassian Jira
7 Github repositories
356
VMScore
CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue sta...
Atlassian Jira
Atlassian Jira Server
312
VMScore
CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url locat...
Atlassian Jira Server
Atlassian Jira
445
VMScore
CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote malicious users to see information for archived projects through a missing authorisation check.
Atlassian Jira
Atlassian Jira Server
445
VMScore
CVE-2019-3401
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote malicious users to enumerate usernames via an incorrect authorisation check.
Atlassian Jira Server
Atlassian Jira
445
VMScore
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated malicious users to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are prior to 7.13.18, from version 8.0.0 prior to 8.5.9, and from version 8.6.0 before...
Atlassian Jira
Atlassian Jira Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »