Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jira vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server prior to 6.3.0 improperly uses an XML parser and deserializer, which allows remote malicious users to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Atlassian Jira 4.2.4
Atlassian Jira 4.3
Atlassian Jira 4.3.1
Atlassian Jira 4.3.2
Atlassian Jira 4.3.3
Atlassian Jira 4.3.4
Atlassian Jira 4.4
Atlassian Jira 4.4.1
Atlassian Jira 4.4.2
Atlassian Jira 4.4.3
Atlassian Jira 4.4.4
Atlassian Jira 4.4.5
4.3
CVSSv2
CVE-2010-1164
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 up to and including 4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) elem...
Atlassian Jira 3.12
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 3.13.3
Atlassian Jira 3.13.4
Atlassian Jira 3.13.5
Atlassian Jira 4.0
Atlassian Jira 4.0.1
1 Github repository
9
CVSSv2
CVE-2010-1165
Atlassian JIRA 3.12 up to and including 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Atlassian Jira 3.12
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 3.13.3
Atlassian Jira 3.13.4
Atlassian Jira 3.13.5
Atlassian Jira 4.0
Atlassian Jira 4.0.1
4.3
CVSSv2
CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA prior to 6.0.5 allows remote malicious users to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0.3
4.3
CVSSv2
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA prior to 6.0.5 allows remote malicious users to create arbitrary files via unspecified vectors.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0.3
4.3
CVSSv2
CVE-2014-2314
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA prior to 6.0.4 allows remote malicious users to create arbitrary files via unspecified vectors.
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
1 EDB exploit
4.3
CVSSv3
CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.13.3
Atlassian Jira Server
Atlassian Jira Server 8.13.3
Atlassian Jira Software Data Center
4.3
CVSSv3
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.10.0
Atlassian Jira Server
Atlassian Jira Server 8.10.0
Atlassian Jira Software Data Center
4.3
CVSSv3
CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote malicious users to make comments on a ticket to which they do not have commenting permissions via a broken access cont...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Data Center 8.6.0
Atlassian Jira Server
Atlassian Jira Server 8.6.0
Atlassian Jira Software Data Center
6.5
CVSSv3
CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote malicious users to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions ar...
Atlassian Jira
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Software Data Center
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46656
unknown
CVE-2025-46577
CVE-2025-32979
paicoding
XPath injection
hackmd
CVE-2025-3643
opplus
CSRF
local users
CVE-2025-32433
CVE-2025-32432
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »