Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira server 8.4.0 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-15001
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 prior to 7.6.16, from 7.7.0 prior to 7.13.8, from 8.0.0 prior to 8.1.3, from 8.2.0 prior to 8.2.5, from 8.3.0 prior to 8.3.4 and from 8.4.0 prior to 8.4.1 allows remote attackers with Admin...
Atlassian Jira Server
Atlassian Jira Server 8.4.0
Atlassian Jira Data Center
Atlassian Jira Data Center 8.4.0
5.3
CVSSv3
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 prior to 8.13.6, and from vers...
Atlassian Jira Data Center
Atlassian Jira Server
1 Github repository
6.5
CVSSv3
CVE-2019-14998
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote malicious users to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Atlassian Jira Server
5.3
CVSSv3
CVE-2019-14995
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous malicious users to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Atlassian Jira Server
6.5
CVSSv3
CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote malicious users to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Atlassian Jira Server
7 Github repositories
4.3
CVSSv3
CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous malicious users to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer...
Atlassian Jira Server
4.8
CVSSv3
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the ...
Atlassian Jira Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started