Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jira vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-43946
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote malicious users to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before vers...
Atlassian Jira Data Center
Atlassian Jira Server
7.5
CVSSv3
CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
Atlassian Jira
Atlassian Jira Software Data Center
7.5
CVSSv3
CVE-2021-41305
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote malicious users to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions...
Atlassian Jira
Atlassian Jira Software Data Center
4.3
CVSSv3
CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the m...
Atlassian Jira Server
Atlassian Jira Data Center
4.3
CVSSv3
CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote malicious users to determine project titles they do not have access to via an improper authorization vulnerability.
Atlassian Jira Server
Atlassian Jira Data Center
7.2
CVSSv3
CVE-2022-36799
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary...
Atlassian Jira Data Center
Atlassian Jira Server
6.5
CVSSv3
CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote malicious users to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The aff...
Atlassian Jira Server
Atlassian Jira Data Center
7.2
CVSSv3
CVE-2021-43944
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary...
Atlassian Jira Server
Atlassian Jira Data Center
5.3
CVSSv3
CVE-2019-20403
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote malicious users to determine if a Jira project key exists or not via an information disclosure vulnerability.
Atlassian Jira Server
Atlassian Jira Data Center
4.3
CVSSv3
CVE-2019-20407
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote malicious users to view release version information in projects that they do not have access to through an missing authorisation check.
Atlassian Jira Server
Atlassian Jira Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
10
NEXT »