jira vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID....

6.8

CVSSv2

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings....

4.3

CVSSv2

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance....

5

CVSSv2

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability....

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or...

5

CVSSv2

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI....

4.3

CVSSv2

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities....

4.3

CVSSv2

The Work Time Calendar app before 4.7.1 for Jira allows XSS....

4

CVSSv2

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check....

6.8

CVSSv2

The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal....

« PREV 1 2 3 4 5 6 7 NEXT »