Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
jira vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-39111
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
1 Github repository available
5.3
CVSSv3
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version...
Atlassian Jira
Atlassian Jira Server
4.3
CVSSv3
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability....
Atlassian Jira Server
Atlassian Jira
5.3
CVSSv3
CVE-2018-13391
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version...
Atlassian Jira Server
Atlassian Jira
5.4
CVSSv3
CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location...
Atlassian Jira Server
Atlassian Jira
6.1
CVSSv3
CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter....
Atlassian Jira
Atlassian Jira Server 8.6.0
NA
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors....
Atlassian Jira
Atlassian Jira 6.0.3
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0
4.3
CVSSv3
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability....
Atlassian Jira Server
Atlassian Jira Data Center
5.3
CVSSv3
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version...
Atlassian Jira Data Center
Atlassian Jira Server
10 Github repositories available
5.3
CVSSv3
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability....
Atlassian Jira
Atlassian Jira Software Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XML injection
CVE-2022-34713
log injection
CVE-2022-20384
CVE-2022-20382
CVE-2022-20251
CVE-2022-31656
CVE-2021-0975
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »