Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jira vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-3401
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote malicious users to enumerate usernames via an incorrect authorisation check.
Atlassian Jira Server
Atlassian Jira
4.3
CVSSv2
CVE-2019-3402
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Atlassian Jira Server
Atlassian Jira
5
CVSSv2
CVE-2019-3403
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote malicious users to enumerate usernames via an incorrect authorisation check.
Atlassian Jira
Atlassian Jira Server
2 Github repositories
9.3
CVSSv2
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of...
Atlassian Jira Server
Atlassian Jira
7 Github repositories
5.8
CVSSv2
CVE-2019-11585
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an op...
Atlassian Jira
Atlassian Jira Server
4.3
CVSSv2
CVE-2019-11586
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Jira
Atlassian Jira Server
4.3
CVSSv2
CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote malicious users to modify various settings via Cross-site request forgery (CSRF).
Atlassian Jira Server
Atlassian Jira
4.3
CVSSv2
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerabilit...
Atlassian Jira Server
Atlassian Jira
3.5
CVSSv2
CVE-2015-8481
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote malicious users to obtai...
Atlassian Jira Core 7.0.3
Atlassian Jira Server 7.0.3
Atlassian Jira Service Desk 3.0.3
5.8
CVSSv2
CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
Atlassian Jira
Atlassian Jira Server 8.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »