Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jira vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2008-6531
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."...
Atlassian Jira 3.13.1Atlassian Jira 3.13Atlassian Jira 3.12.2Atlassian Jira 3.12Atlassian Jira 3.10.2Atlassian Jira 3.10Atlassian Jira 3.9.3Atlassian Jira 3.9.2Atlassian Jira 3.9.1Atlassian Jira 3.9Atlassian Jira 3.8.1Atlassian Jira 3.7.4Atlassian Jira 3.7.2Atlassian Jira 3.7Atlassian Jira 3.6.4Atlassian Jira 3.6.2Atlassian Jira 3.6Atlassian JiraAtlassian Jira 3.12.3Atlassian Jira 3.12.1Atlassian Jira 3.11Atlassian Jira 3.10.1Atlassian Jira 3.8Atlassian Jira 3.7.3Atlassian Jira 3.7.1Atlassian Jira 3.6.5Atlassian Jira 3.6.3Atlassian Jira 3.6.1Atlassian Jira 3.5.3Atlassian Jira 3.5.1Atlassian Jira 3.4.3Atlassian Jira 3.4.2Atlassian Jira 3.4.1Atlassian Jira 3.3.3Atlassian Jira 3.3.2Atlassian Jira 3.3.1Atlassian Jira 3.2.3Atlassian Jira 3.2.1Atlassian Jira 3.1.1Atlassian Jira 3.0.3Atlassian Jira 3.0.1Atlassian Jira 2.6.1Atlassian Jira 2.5.3Atlassian Jira 3.3Atlassian Jira 3.2.2Atlassian Jira 3.2Atlassian Jira 3.1Atlassian Jira 3.0.2Atlassian Jira 3.0Atlassian Jira 3.5.2Atlassian Jira 3.5Atlassian Jira 2.6Atlassian Jira 2.5.2Atlassian Jira 2.4.1Atlassian Jira 2.2.1Atlassian Jira 2.1Atlassian Jira 2.5.1Atlassian Jira 2.3Atlassian Jira 2.2
NA
CVE-2010-1165
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010....
Atlassian Jira 3.12Atlassian Jira 3.13.3Atlassian Jira 3.13.1Atlassian Jira 3.13.2Atlassian Jira 4.1Atlassian Jira 3.12.3Atlassian Jira 3.13Atlassian Jira 4.0.1Atlassian Jira 4.0.2Atlassian Jira 3.13.4Atlassian Jira 3.12.1Atlassian Jira 3.12.2Atlassian Jira 3.13.5Atlassian Jira 4.0
NA
CVE-2010-1164
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or...
Atlassian Jira 3.13.1Atlassian Jira 3.13.2Atlassian Jira 3.12.3Atlassian Jira 3.13Atlassian Jira 4.0.2Atlassian Jira 4.1Atlassian Jira 3.12.1Atlassian Jira 3.12.2Atlassian Jira 4.0Atlassian Jira 4.0.1Atlassian Jira 3.12Atlassian Jira 3.13.3Atlassian Jira 3.13.4Atlassian Jira 3.13.5
NA
CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa....
Atlassian Jira 6.0.2Atlassian JiraAtlassian Jira 6.0Atlassian Jira 6.0.1Atlassian Jira 6.0.3
9.8
CVSSv3
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object....
Atlassian Jira 4.2.4Atlassian Jira 5.0.2Atlassian Jira 5.0.3Atlassian Jira 5.0.4Atlassian Jira 5.0.5Atlassian Jira 5.2.3Atlassian Jira 5.2.4Atlassian Jira 5.2.5Atlassian Jira 5.2.6Atlassian Jira 6.0.8Atlassian Jira 6.1Atlassian Jira 6.1.1Atlassian Jira 6.1.2Atlassian Jira 6.2.6Atlassian Jira 6.2.7Atlassian Jira 4.3.4Atlassian Jira 4.4Atlassian Jira 4.4.1Atlassian Jira 4.4.2Atlassian Jira 4.4.3Atlassian Jira 5.1.3Atlassian Jira 5.1.4Atlassian Jira 5.1.5Atlassian Jira 5.1.6Atlassian Jira 5.2.11Atlassian Jira 6.0Atlassian Jira 6.0.1Atlassian Jira 6.0.2Atlassian Jira 6.1.8Atlassian Jira 6.1.9Atlassian Jira 6.2Atlassian Jira 6.2.1Atlassian Jira 4.3Atlassian Jira 4.3.2Atlassian Jira 4.4.4Atlassian Jira 5.0Atlassian Jira 5.1Atlassian Jira 5.1.2Atlassian Jira 5.1.7Atlassian Jira 5.2Atlassian Jira 5.2.2Atlassian Jira 5.2.7Atlassian Jira 5.2.9Atlassian Jira 6.0.4Atlassian Jira 6.0.7Atlassian Jira 6.1.3Atlassian Jira 6.1.5Atlassian Jira 6.1.7Atlassian Jira 6.2.2Atlassian Jira 6.2.4Atlassian Jira 4.3.1Atlassian Jira 4.3.3Atlassian Jira 4.4.5Atlassian Jira 5.0.1Atlassian Jira 5.0.7Atlassian Jira 5.1.1Atlassian Jira 5.1.8Atlassian Jira 5.2.1Atlassian Jira 5.2.8Atlassian Jira 5.2.10Atlassian Jira 6.0.3Atlassian Jira 6.0.5Atlassian Jira 6.1.4Atlassian Jira 6.1.6Atlassian Jira 6.2.3Atlassian Jira 6.2.5
4.3
CVSSv3
CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0...
Atlassian JiraAtlassian Jira ServerAtlassian Jira Server 8.13.3Atlassian Jira Software Data CenterAtlassian Jira Data CenterAtlassian Jira Data Center 8.13.3
5.4
CVSSv3
CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2,...
Atlassian JiraAtlassian Jira ServerAtlassian Jira Software Data CenterAtlassian Jira Data Center
NA
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors....
Atlassian JiraAtlassian Jira 6.0.3Atlassian Jira 6.0.1Atlassian Jira 6.0.2Atlassian Jira 6.0
7.2
CVSSv3
CVE-2019-15001
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator...
Atlassian Jira ServerAtlassian Jira Server 8.4.0Atlassian Jira Data CenterAtlassian Jira Data Center 8.4.0
4.3
CVSSv3
CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control...
Atlassian JiraAtlassian Jira ServerAtlassian Jira Server 8.6.0Atlassian Jira Software Data CenterAtlassian Jira Data CenterAtlassian Jira Data Center 8.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remoteCVE-2022-47986CVE-2023-20963CVE-2023-1013CVE-2022-43628CVE-2023-1014log injectionCVE-2022-43639SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook