Vulmon
atlassian jira vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server prior to 6.3.0 improperly uses an XML parser and deserializer, which allows remote malicious users to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Atlassian Jira 4.2.4
Atlassian Jira 4.3
Atlassian Jira 4.3.1
Atlassian Jira 4.3.2
Atlassian Jira 4.3.3
Atlassian Jira 4.3.4
Atlassian Jira 4.4
Atlassian Jira 4.4.1
Atlassian Jira 4.4.2
Atlassian Jira 4.4.3
Atlassian Jira 4.4.4
Atlassian Jira 4.4.5
4.3
CVSSv2
CVE-2010-1164
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 up to and including 4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) elem...
Atlassian Jira 3.12
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 3.13.3
Atlassian Jira 3.13.4
Atlassian Jira 3.13.5
Atlassian Jira 4.0
Atlassian Jira 4.0.1
1 Github repository
9
CVSSv2
CVE-2010-1165
Atlassian JIRA 3.12 up to and including 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Atlassian Jira 3.12
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 3.13.3
Atlassian Jira 3.13.4
Atlassian Jira 3.13.5
Atlassian Jira 4.0
Atlassian Jira 4.0.1
4.3
CVSSv2
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA prior to 6.0.5 allows remote malicious users to create arbitrary files via unspecified vectors.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0.3
4.3
CVSSv2
CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA prior to 6.0.5 allows remote malicious users to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0.3
4.3
CVSSv2
CVE-2014-2314
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA prior to 6.0.4 allows remote malicious users to create arbitrary files via unspecified vectors.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
1 EDB exploit
4.3
CVSSv3
CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote malicious users to make comments on a ticket to which they do not have commenting permissions via a broken access cont...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.6.0
Atlassian Jira Server
Atlassian Jira Server 8.6.0
Atlassian Jira Software Data Center
4.3
CVSSv3
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.10.0
Atlassian Jira Server
Atlassian Jira Server 8.10.0
Atlassian Jira Software Data Center
4.3
CVSSv3
CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.13.3
Atlassian Jira Server
Atlassian Jira Server 8.13.3
Atlassian Jira Software Data Center
5.3
CVSSv3
CVE-2019-20899
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote malicious users to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 prior to 8.6....
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Software Data Center